Improper File Permissions in Balabit syslog-ng on FreeBSD and HP-UX
CVE-2011-0343

Currently unrated

Key Information:

Vendor: Oneidentity
Status: Syslog-ng
Vendor: CVE Published:; 28 January 2011

🔔 Create Oneidentity Vulnerability Alert

What is CVE-2011-0343?

Balabit syslog-ng running on FreeBSD or HP-UX has a flaw in its cast operations which inadvertently sets log file permissions to -1, yielding insecure default permissions of 07777. This misconfiguration permits local users to manipulate and access sensitive log files, potentially leading to data exposure and unauthorized actions. Keeping syslog-ng up to date is essential to mitigate risks associated with this vulnerability.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/515955/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://lists.balabit.com/pipermail/syslog-ng-announce/20...

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2011
Vulnerability Reserved
Jan 6, 2011