Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2011-0343

CVE information

Published

12 years ago

Last Modified

2 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files..

CVSSv2.0 Score

Severity
Medium
Base Score
6.9/10
Exploit Score
3.4/10
Access Vector
Local
Access Complexity
Medium
Authentication Required
None
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*
  Yes
-
cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*
  Yes
-
cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*
  Yes
-
cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*
  Yes
-
cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*
  Yes
-
cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*
  Yes
-
cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*
  Yes
-
cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*
  Yes
-
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
  No
-