CVE-2011-0343
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2011-0343
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-0343.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2011-0343
- Related
- Published
- 2011-01-28T16:00:03Z
- Modified
- 2025-04-11T00:51:21Z
- Summary
- [none]
- Details
-
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
- References
-
- http://www.securityfocus.com/archive/1/515955/100/0/threaded
- http://www.securityfocus.com/bid/45988
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491
- https://security-tracker.debian.org/tracker/CVE-2011-0343
Affected packages
Debian:11 / syslog-ng
Package
- Name
- syslog-ng
- Purl
- pkg:deb/debian/syslog-ng?arch=source
Debian:12 / syslog-ng
Package
- Name
- syslog-ng
- Purl
- pkg:deb/debian/syslog-ng?arch=source
Debian:13 / syslog-ng
Package
- Name
- syslog-ng
- Purl
- pkg:deb/debian/syslog-ng?arch=source