CVE-2011-0343 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-0343 Interim 1 11 2021-12-09T00:43:57Z current 2021-05-30T12:55:49Z 2021-12-09T00:43:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-0343 Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 openSUSE Tumbleweed syslog-ng-3.4.5-3.5 syslog-ng-3.8.1-2.2 syslog-ng-curl-3.8.1-2.2 syslog-ng-devel-3.8.1-2.2 syslog-ng-geoip-3.8.1-2.2 syslog-ng-java-3.8.1-2.2 syslog-ng-python-3.8.1-2.2 syslog-ng-redis-3.8.1-2.2 syslog-ng-smtp-3.8.1-2.2 syslog-ng-sql-3.8.1-2.2 syslog-ng-3.4.5-3.5 as a component of SUSE Linux Enterprise Module for Legacy 12 syslog-ng-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-curl-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-devel-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-geoip-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-java-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-python-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-redis-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-smtp-3.8.1-2.2 as a component of openSUSE Tumbleweed syslog-ng-sql-3.8.1-2.2 as a component of openSUSE Tumbleweed Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files. CVE-2011-0343 SUSE Linux Enterprise Module for Legacy 12:syslog-ng-3.4.5-3.5 openSUSE Tumbleweed:syslog-ng-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2 openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C