← Back

CVE-2011-0343

nvd nist
Published: Jan 28, 2011Modified: Apr 29, 2026

JSON object

Loading...
6.9
Vector
AV:L/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 3.4 / Impact: 10.0
Source: NVD

Description

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

Affected (8)

Oneidentity
1 product
Syslog Ng
Configuration A
8 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Oneidentity
Syslog Ng
Version 2.0
Syslog Ng
Version 2.0
Syslog Ng
Version 3.0
Syslog Ng
Version 3.0
Syslog Ng
Version 3.1
Syslog Ng
Version 3.1
Syslog Ng
Version 3.2
Syslog Ng
Version 3.2
Running on/withPlatform Versions
Freebsd
Freebsd
All versions
Hp
Hp Ux
All versions

Related CWEs

CWE-264
CWE-264

References (10)

Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.