VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 28, 2011· Updated Apr 29, 2026

CVE-2011-0343

CVE-2011-0343

Description

Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

Affected products

8
  • Oneidentity/Syslog Ng8 versions
    cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*+ 7 more
    • cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*
    • cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*
    • cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*
    • cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*
    • cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*
    • cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*
    • cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*
    • cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.