Search for vulnerabilities
Vulnerability details: VCID-x9d7-g777-aaae
Vulnerability ID VCID-x9d7-g777-aaae
Aliases CVE-2011-0343
Summary Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-0343.html
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-0343
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0343
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2011-0343
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-0343.html
https://api.first.org/data/v1/epss?cve=CVE-2011-0343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0343
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://www.securityfocus.com/archive/1/515955/100/0/threaded
http://www.securityfocus.com/bid/45988
608491 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491
CVE-2011-0343 https://nvd.nist.gov/vuln/detail/CVE-2011-0343
No exploits are available.
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0343
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.05128
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.