CVE-2011-0343Syslog-ng vulnerability

CWE-2645 documents5 sources
Severity
6.9MEDIUMNVD
EPSS
0.0%
top 87.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oneidentity Syslog-ng
Timeline
PublishedJan 28
Latest updateMay 13

Description

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

Debianoneidentity/syslog-ng< 3.1.3-2+3
NVDoneidentity/syslog-ng4 versions+3

Patches

Patch: bugs.debian.orgPatch: bugs.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-mw34-97q8-x4qh: Balabit syslog-ng 22022-05-13
OSV
CVE-2011-0343: Balabit syslog-ng 22011-01-28
CVEList
CVE-2011-0343: Balabit syslog-ng 22011-01-28

📋Vendor Advisories

1
Debian
CVE-2011-0343: syslog-ng - Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-U...2011
CVE-2011-0343 — Oneidentity Syslog-ng vulnerability | cvebase