Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-0343 (GCVE-0-2011-0343)
Vulnerability from cvelistv5 – Published: 2011-01-28 15:00 – Updated: 2024-08-06 21:51
VLAI
EPSS
Summary
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/515955/100… | mailing-listx_refsource_BUGTRAQ |
| https://lists.balabit.com/pipermail/syslog-ng-ann… | mailing-listx_refsource_MLIST |
| https://lists.balabit.com/pipermail/syslog-ng-ann… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/45988 | vdb-entryx_refsource_BID |
Date Public
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"name": "20110125 syslog-ng wrong file permission vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "45988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"name": "20110125 syslog-ng wrong file permission vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "45988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"name": "20110125 syslog-ng wrong file permission vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "45988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0343",
"datePublished": "2011-01-28T15:00:00.000Z",
"dateReserved": "2011-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:51:08.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2011-0343",
"date": "2026-05-25",
"epss": "0.00043",
"percentile": "0.13245"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*\", \"matchCriteriaId\": \"AA602F56-CDB9-42CF-B0EB-EA74A5FF5B2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*\", \"matchCriteriaId\": \"38AA2F0D-C28E-41C1-A633-739E27C2FB34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*\", \"matchCriteriaId\": \"FFA1DF8D-21B7-4C55-B801-E7EC3F52F17E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*\", \"matchCriteriaId\": \"59A4D408-6519-422A-9AFB-FFF4A35E2265\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*\", \"matchCriteriaId\": \"A4D0AFDC-381A-4F64-89B3-E1025E786AE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*\", \"matchCriteriaId\": \"05651F7F-AC3D-43E8-AD9B-317E9BC0C2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*\", \"matchCriteriaId\": \"7E6936EB-0F07-4A88-866E-A93B36603C0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*\", \"matchCriteriaId\": \"C19115A4-CDE5-4D3C-A090-050028EEB6BB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9EC02F3-3905-460D-8949-3B26394215CA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61A4F116-1FEE-450E-99AE-6AD9ACDDE570\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.\"}, {\"lang\": \"es\", \"value\": \"Balabit syslog-ng v2.0, v3.0, v3.1, v3.2 OSE y PE, cuando se ejecutan en FreeBSD o HP-UX, no realiza adecuadamente las operaciones de conversi\\u00f3n, esto provoca que syslog-ng emplee un valor por defecto de -1 para crear archivos de registro (log) con permisos no seguros (07777), lo que permite a usuarios locales leer y escribir en estos archivos de registro.\"}]",
"id": "CVE-2011-0343",
"lastModified": "2024-11-21T01:23:46.620",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2011-01-28T16:00:03.390",
"references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/515955/100/0/threaded\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/45988\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/515955/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/45988\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-0343\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-01-28T16:00:03.390\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.\"},{\"lang\":\"es\",\"value\":\"Balabit syslog-ng v2.0, v3.0, v3.1, v3.2 OSE y PE, cuando se ejecutan en FreeBSD o HP-UX, no realiza adecuadamente las operaciones de conversi\u00f3n, esto provoca que syslog-ng emplee un valor por defecto de -1 para crear archivos de registro (log) con permisos no seguros (07777), lo que permite a usuarios locales leer y escribir en estos archivos de registro.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"AA602F56-CDB9-42CF-B0EB-EA74A5FF5B2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*\",\"matchCriteriaId\":\"38AA2F0D-C28E-41C1-A633-739E27C2FB34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"FFA1DF8D-21B7-4C55-B801-E7EC3F52F17E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*\",\"matchCriteriaId\":\"59A4D408-6519-422A-9AFB-FFF4A35E2265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"A4D0AFDC-381A-4F64-89B3-E1025E786AE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*\",\"matchCriteriaId\":\"05651F7F-AC3D-43E8-AD9B-317E9BC0C2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"7E6936EB-0F07-4A88-866E-A93B36603C0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*\",\"matchCriteriaId\":\"C19115A4-CDE5-4D3C-A090-050028EEB6BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9EC02F3-3905-460D-8949-3B26394215CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61A4F116-1FEE-450E-99AE-6AD9ACDDE570\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515955/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/45988\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515955/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/45988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTA-2011-AVI-032
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités sont présentes dans syslog-ng. Elles permettent de contourner la politique de sécurité ou de provoquer un déni de service à distance.
Description
Plusieurs vulnérabilités sont présentes dans syslog-ng.
L'une d'elles permet de contourner la politique de sécurité en raison d'un mauvais positionnement des droits d'accès sur des fichiers.
Les autres sont exploitables pour provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
syslog-ng Open Source Edition :
- versions 3.0.x antérieures à la version 3.0.10 ;
- versions 3.1.x antérieures à la version 3.1.4 ;
- versions 3.2.x antérieures à la version 3.2.2.
syslog-ng Premium Edition :
- versions 3.0.x antérieures à la version 3.0.6a ;
- versions 3.2.x antérieures à la version 3.2.1a.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003esyslog-ng Open Source Edition : \u003cUL\u003e \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.10 ;\u003c/LI\u003e \u003cLI\u003eversions 3.1.x ant\u00e9rieures \u00e0 la version 3.1.4 ;\u003c/LI\u003e \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.2.\u003c/LI\u003e \u003c/UL\u003e \u003cP\u003esyslog-ng Premium Edition :\u003c/P\u003e \u003cUL\u003e \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.6a ;\u003c/LI\u003e \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.1a.\u003c/LI\u003e \u003c/UL\u003e\u003c/p\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng.\n\nL\u0027une d\u0027elles permet de contourner la politique de s\u00e9curit\u00e9 en raison\nd\u0027un mauvais positionnement des droits d\u0027acc\u00e8s sur des fichiers.\n\nLes autres sont exploitables pour provoquer un d\u00e9ni de service \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
},
{
"name": "CVE-2010-0742",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
},
{
"name": "CVE-2011-0343",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0343"
},
{
"name": "CVE-2009-3245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
},
{
"name": "CVE-2010-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
},
{
"name": "CVE-2009-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
},
{
"name": "CVE-2010-3864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
},
{
"name": "CVE-2009-2409",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
}
],
"links": [
{
"title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000103.html"
},
{
"title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000104.html"
},
{
"title": "Annonces des versions de syslog-ng du 16 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000105.html"
},
{
"title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
}
],
"reference": "CERTA-2011-AVI-032",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-01-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng. Elles permettent\nde contourner la politique de s\u00e9curit\u00e9 ou de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans syslog-ng",
"vendor_advisories": [
{
"published_at": null,
"title": "Annonces des versions de syslog-ng des 07, 14 et 16 janvier 2011",
"url": null
}
]
}
CERTA-2011-AVI-201
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités ont été corrigées dans le navigateur Internet Explorer. L'exploitation de ces vulnérabilités peut permettre à une personne malveillante de porter atteinte à la confidentialité des données ou d'exécuter du code arbitraire à distance.
Description
Plusieurs vulnérablités dans Internet Explorer peuvent être exploitées afin de porter atteinte à la confidentialité des données ou d'exécuter du code arbitraire au moyen d'un page Web spécialement construite.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Internet Explorer 8.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Internet Explorer 7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Internet Explorer 6 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rablit\u00e9s dans Internet Explorer peuvent \u00eatre exploit\u00e9es\nafin de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ou d\u0027ex\u00e9cuter\ndu code arbitraire au moyen d\u0027un page Web sp\u00e9cialement construite.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0094"
},
{
"name": "CVE-2011-0343",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0343"
},
{
"name": "CVE-2011-1245",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1245"
},
{
"name": "CVE-2011-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1244"
},
{
"name": "CVE-2011-1345",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1345"
}
],
"links": [],
"reference": "CERTA-2011-AVI-201",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le navigateur Internet\nExplorer. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut permettre \u00e0 une\npersonne malveillante de porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Internet Explorer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-018 du 12 avril 2011",
"url": "http://www.microsoft.com/technet/security/Bulletin/MS11-018.mspx"
}
]
}
CERTA-2011-AVI-032
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités sont présentes dans syslog-ng. Elles permettent de contourner la politique de sécurité ou de provoquer un déni de service à distance.
Description
Plusieurs vulnérabilités sont présentes dans syslog-ng.
L'une d'elles permet de contourner la politique de sécurité en raison d'un mauvais positionnement des droits d'accès sur des fichiers.
Les autres sont exploitables pour provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
syslog-ng Open Source Edition :
- versions 3.0.x antérieures à la version 3.0.10 ;
- versions 3.1.x antérieures à la version 3.1.4 ;
- versions 3.2.x antérieures à la version 3.2.2.
syslog-ng Premium Edition :
- versions 3.0.x antérieures à la version 3.0.6a ;
- versions 3.2.x antérieures à la version 3.2.1a.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003esyslog-ng Open Source Edition : \u003cUL\u003e \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.10 ;\u003c/LI\u003e \u003cLI\u003eversions 3.1.x ant\u00e9rieures \u00e0 la version 3.1.4 ;\u003c/LI\u003e \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.2.\u003c/LI\u003e \u003c/UL\u003e \u003cP\u003esyslog-ng Premium Edition :\u003c/P\u003e \u003cUL\u003e \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.6a ;\u003c/LI\u003e \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.1a.\u003c/LI\u003e \u003c/UL\u003e\u003c/p\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng.\n\nL\u0027une d\u0027elles permet de contourner la politique de s\u00e9curit\u00e9 en raison\nd\u0027un mauvais positionnement des droits d\u0027acc\u00e8s sur des fichiers.\n\nLes autres sont exploitables pour provoquer un d\u00e9ni de service \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
},
{
"name": "CVE-2010-0742",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
},
{
"name": "CVE-2011-0343",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0343"
},
{
"name": "CVE-2009-3245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
},
{
"name": "CVE-2010-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
},
{
"name": "CVE-2009-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
},
{
"name": "CVE-2010-3864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
},
{
"name": "CVE-2009-2409",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
}
],
"links": [
{
"title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000103.html"
},
{
"title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000104.html"
},
{
"title": "Annonces des versions de syslog-ng du 16 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000105.html"
},
{
"title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
}
],
"reference": "CERTA-2011-AVI-032",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-01-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng. Elles permettent\nde contourner la politique de s\u00e9curit\u00e9 ou de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans syslog-ng",
"vendor_advisories": [
{
"published_at": null,
"title": "Annonces des versions de syslog-ng des 07, 14 et 16 janvier 2011",
"url": null
}
]
}
CERTA-2011-AVI-201
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités ont été corrigées dans le navigateur Internet Explorer. L'exploitation de ces vulnérabilités peut permettre à une personne malveillante de porter atteinte à la confidentialité des données ou d'exécuter du code arbitraire à distance.
Description
Plusieurs vulnérablités dans Internet Explorer peuvent être exploitées afin de porter atteinte à la confidentialité des données ou d'exécuter du code arbitraire au moyen d'un page Web spécialement construite.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Internet Explorer 8.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Internet Explorer 7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Internet Explorer 6 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rablit\u00e9s dans Internet Explorer peuvent \u00eatre exploit\u00e9es\nafin de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ou d\u0027ex\u00e9cuter\ndu code arbitraire au moyen d\u0027un page Web sp\u00e9cialement construite.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0094"
},
{
"name": "CVE-2011-0343",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0343"
},
{
"name": "CVE-2011-1245",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1245"
},
{
"name": "CVE-2011-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1244"
},
{
"name": "CVE-2011-1345",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1345"
}
],
"links": [],
"reference": "CERTA-2011-AVI-201",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le navigateur Internet\nExplorer. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut permettre \u00e0 une\npersonne malveillante de porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Internet Explorer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-018 du 12 avril 2011",
"url": "http://www.microsoft.com/technet/security/Bulletin/MS11-018.mspx"
}
]
}
FKIE_CVE-2011-0343
Vulnerability from fkie_nvd - Published: 2011-01-28 16:00 - Updated: 2026-04-29 01:13
Severity
Summary
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oneidentity | syslog-ng | 2.0 | |
| oneidentity | syslog-ng | 2.0 | |
| oneidentity | syslog-ng | 3.0 | |
| oneidentity | syslog-ng | 3.0 | |
| oneidentity | syslog-ng | 3.1 | |
| oneidentity | syslog-ng | 3.1 | |
| oneidentity | syslog-ng | 3.2 | |
| oneidentity | syslog-ng | 3.2 | |
| freebsd | freebsd | * | |
| hp | hp-ux | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*",
"matchCriteriaId": "AA602F56-CDB9-42CF-B0EB-EA74A5FF5B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*",
"matchCriteriaId": "38AA2F0D-C28E-41C1-A633-739E27C2FB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*",
"matchCriteriaId": "FFA1DF8D-21B7-4C55-B801-E7EC3F52F17E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*",
"matchCriteriaId": "59A4D408-6519-422A-9AFB-FFF4A35E2265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*",
"matchCriteriaId": "A4D0AFDC-381A-4F64-89B3-E1025E786AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*",
"matchCriteriaId": "05651F7F-AC3D-43E8-AD9B-317E9BC0C2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*",
"matchCriteriaId": "7E6936EB-0F07-4A88-866E-A93B36603C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*",
"matchCriteriaId": "C19115A4-CDE5-4D3C-A090-050028EEB6BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EC02F3-3905-460D-8949-3B26394215CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files."
},
{
"lang": "es",
"value": "Balabit syslog-ng v2.0, v3.0, v3.1, v3.2 OSE y PE, cuando se ejecutan en FreeBSD o HP-UX, no realiza adecuadamente las operaciones de conversi\u00f3n, esto provoca que syslog-ng emplee un valor por defecto de -1 para crear archivos de registro (log) con permisos no seguros (07777), lo que permite a usuarios locales leer y escribir en estos archivos de registro."
}
],
"id": "CVE-2011-0343",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-28T16:00:03.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45988"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-MW34-97Q8-X4QH
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
{
"affected": [],
"aliases": [
"CVE-2011-0343"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-01-28T16:00:00Z",
"severity": "MODERATE"
},
"details": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.",
"id": "GHSA-mw34-97q8-x4qh",
"modified": "2022-05-13T01:26:30Z",
"published": "2022-05-13T01:26:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0343"
},
{
"type": "WEB",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"type": "WEB",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/45988"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2011-0343
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-0343",
"description": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.",
"id": "GSD-2011-0343",
"references": [
"https://www.suse.com/security/cve/CVE-2011-0343.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-0343"
],
"details": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.",
"id": "GSD-2011-0343",
"modified": "2023-12-13T01:19:04.578531Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"name": "20110125 syslog-ng wrong file permission vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "45988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45988"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:open_source:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oneidentity:syslog-ng:3.0:*:*:*:premium:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:open_source:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oneidentity:syslog-ng:3.1:*:*:*:premium:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:open_source:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oneidentity:syslog-ng:3.2:*:*:*:premium:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0343"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"name": "45988",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45988"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "20110125 syslog-ng wrong file permission vulnerability",
"refsource": "BUGTRAQ",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2020-05-19T19:30Z",
"publishedDate": "2011-01-28T16:00Z"
}
}
}
OPENSUSE-SU-2024:10493-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
syslog-ng-3.8.1-2.2 on GA media
Severity
Moderate
Notes
Title of the patch: syslog-ng-3.8.1-2.2 on GA media
Description of the patch: These are all security issues fixed in the syslog-ng-3.8.1-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10493
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
7 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "syslog-ng-3.8.1-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the syslog-ng-3.8.1-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10493",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10493-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-0343 page",
"url": "https://www.suse.com/security/cve/CVE-2011-0343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-1951 page",
"url": "https://www.suse.com/security/cve/CVE-2011-1951/"
}
],
"title": "syslog-ng-3.8.1-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10493-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "syslog-ng-3.8.1-2.2.aarch64",
"product": {
"name": "syslog-ng-3.8.1-2.2.aarch64",
"product_id": "syslog-ng-3.8.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "syslog-ng-curl-3.8.1-2.2.aarch64",
"product": {
"name": "syslog-ng-curl-3.8.1-2.2.aarch64",
"product_id": "syslog-ng-curl-3.8.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "syslog-ng-devel-3.8.1-2.2.aarch64",
"product": {
"name": "syslog-ng-devel-3.8.1-2.2.aarch64",
"product_id": "syslog-ng-devel-3.8.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "syslog-ng-geoip-3.8.1-2.2.aarch64",
"product": {
"name": "syslog-ng-geoip-3.8.1-2.2.aarch64",
"product_id": "syslog-ng-geoip-3.8.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "syslog-ng-java-3.8.1-2.2.aarch64",
"product": {
"name": "syslog-ng-java-3.8.1-2.2.aarch64",
"product_id": "syslog-ng-java-3.8.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "syslog-ng-python-3.8.1-2.2.aarch64",
"product": {
"name": "syslog-ng-python-3.8.1-2.2.aarch64",
"product_id": "syslog-ng-python-3.8.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "syslog-ng-redis-3.8.1-2.2.aarch64",
"product": {
"name": "syslog-ng-redis-3.8.1-2.2.aarch64",
"product_id": "syslog-ng-redis-3.8.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "syslog-ng-smtp-3.8.1-2.2.aarch64",
"product": {
"name": "syslog-ng-smtp-3.8.1-2.2.aarch64",
"product_id": "syslog-ng-smtp-3.8.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "syslog-ng-sql-3.8.1-2.2.aarch64",
"product": {
"name": "syslog-ng-sql-3.8.1-2.2.aarch64",
"product_id": "syslog-ng-sql-3.8.1-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "syslog-ng-3.8.1-2.2.ppc64le",
"product": {
"name": "syslog-ng-3.8.1-2.2.ppc64le",
"product_id": "syslog-ng-3.8.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "syslog-ng-curl-3.8.1-2.2.ppc64le",
"product": {
"name": "syslog-ng-curl-3.8.1-2.2.ppc64le",
"product_id": "syslog-ng-curl-3.8.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "syslog-ng-devel-3.8.1-2.2.ppc64le",
"product": {
"name": "syslog-ng-devel-3.8.1-2.2.ppc64le",
"product_id": "syslog-ng-devel-3.8.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "syslog-ng-geoip-3.8.1-2.2.ppc64le",
"product": {
"name": "syslog-ng-geoip-3.8.1-2.2.ppc64le",
"product_id": "syslog-ng-geoip-3.8.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "syslog-ng-java-3.8.1-2.2.ppc64le",
"product": {
"name": "syslog-ng-java-3.8.1-2.2.ppc64le",
"product_id": "syslog-ng-java-3.8.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "syslog-ng-python-3.8.1-2.2.ppc64le",
"product": {
"name": "syslog-ng-python-3.8.1-2.2.ppc64le",
"product_id": "syslog-ng-python-3.8.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "syslog-ng-redis-3.8.1-2.2.ppc64le",
"product": {
"name": "syslog-ng-redis-3.8.1-2.2.ppc64le",
"product_id": "syslog-ng-redis-3.8.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "syslog-ng-smtp-3.8.1-2.2.ppc64le",
"product": {
"name": "syslog-ng-smtp-3.8.1-2.2.ppc64le",
"product_id": "syslog-ng-smtp-3.8.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "syslog-ng-sql-3.8.1-2.2.ppc64le",
"product": {
"name": "syslog-ng-sql-3.8.1-2.2.ppc64le",
"product_id": "syslog-ng-sql-3.8.1-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "syslog-ng-3.8.1-2.2.s390x",
"product": {
"name": "syslog-ng-3.8.1-2.2.s390x",
"product_id": "syslog-ng-3.8.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "syslog-ng-curl-3.8.1-2.2.s390x",
"product": {
"name": "syslog-ng-curl-3.8.1-2.2.s390x",
"product_id": "syslog-ng-curl-3.8.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "syslog-ng-devel-3.8.1-2.2.s390x",
"product": {
"name": "syslog-ng-devel-3.8.1-2.2.s390x",
"product_id": "syslog-ng-devel-3.8.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "syslog-ng-geoip-3.8.1-2.2.s390x",
"product": {
"name": "syslog-ng-geoip-3.8.1-2.2.s390x",
"product_id": "syslog-ng-geoip-3.8.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "syslog-ng-java-3.8.1-2.2.s390x",
"product": {
"name": "syslog-ng-java-3.8.1-2.2.s390x",
"product_id": "syslog-ng-java-3.8.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "syslog-ng-python-3.8.1-2.2.s390x",
"product": {
"name": "syslog-ng-python-3.8.1-2.2.s390x",
"product_id": "syslog-ng-python-3.8.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "syslog-ng-redis-3.8.1-2.2.s390x",
"product": {
"name": "syslog-ng-redis-3.8.1-2.2.s390x",
"product_id": "syslog-ng-redis-3.8.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "syslog-ng-smtp-3.8.1-2.2.s390x",
"product": {
"name": "syslog-ng-smtp-3.8.1-2.2.s390x",
"product_id": "syslog-ng-smtp-3.8.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "syslog-ng-sql-3.8.1-2.2.s390x",
"product": {
"name": "syslog-ng-sql-3.8.1-2.2.s390x",
"product_id": "syslog-ng-sql-3.8.1-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "syslog-ng-3.8.1-2.2.x86_64",
"product": {
"name": "syslog-ng-3.8.1-2.2.x86_64",
"product_id": "syslog-ng-3.8.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "syslog-ng-curl-3.8.1-2.2.x86_64",
"product": {
"name": "syslog-ng-curl-3.8.1-2.2.x86_64",
"product_id": "syslog-ng-curl-3.8.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "syslog-ng-devel-3.8.1-2.2.x86_64",
"product": {
"name": "syslog-ng-devel-3.8.1-2.2.x86_64",
"product_id": "syslog-ng-devel-3.8.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "syslog-ng-geoip-3.8.1-2.2.x86_64",
"product": {
"name": "syslog-ng-geoip-3.8.1-2.2.x86_64",
"product_id": "syslog-ng-geoip-3.8.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "syslog-ng-java-3.8.1-2.2.x86_64",
"product": {
"name": "syslog-ng-java-3.8.1-2.2.x86_64",
"product_id": "syslog-ng-java-3.8.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "syslog-ng-python-3.8.1-2.2.x86_64",
"product": {
"name": "syslog-ng-python-3.8.1-2.2.x86_64",
"product_id": "syslog-ng-python-3.8.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "syslog-ng-redis-3.8.1-2.2.x86_64",
"product": {
"name": "syslog-ng-redis-3.8.1-2.2.x86_64",
"product_id": "syslog-ng-redis-3.8.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "syslog-ng-smtp-3.8.1-2.2.x86_64",
"product": {
"name": "syslog-ng-smtp-3.8.1-2.2.x86_64",
"product_id": "syslog-ng-smtp-3.8.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "syslog-ng-sql-3.8.1-2.2.x86_64",
"product": {
"name": "syslog-ng-sql-3.8.1-2.2.x86_64",
"product_id": "syslog-ng-sql-3.8.1-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-3.8.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.aarch64"
},
"product_reference": "syslog-ng-3.8.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-3.8.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.ppc64le"
},
"product_reference": "syslog-ng-3.8.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-3.8.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.s390x"
},
"product_reference": "syslog-ng-3.8.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-3.8.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.x86_64"
},
"product_reference": "syslog-ng-3.8.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-curl-3.8.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.aarch64"
},
"product_reference": "syslog-ng-curl-3.8.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-curl-3.8.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.ppc64le"
},
"product_reference": "syslog-ng-curl-3.8.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-curl-3.8.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.s390x"
},
"product_reference": "syslog-ng-curl-3.8.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-curl-3.8.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.x86_64"
},
"product_reference": "syslog-ng-curl-3.8.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-devel-3.8.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.aarch64"
},
"product_reference": "syslog-ng-devel-3.8.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-devel-3.8.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.ppc64le"
},
"product_reference": "syslog-ng-devel-3.8.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-devel-3.8.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.s390x"
},
"product_reference": "syslog-ng-devel-3.8.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-devel-3.8.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.x86_64"
},
"product_reference": "syslog-ng-devel-3.8.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-geoip-3.8.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.aarch64"
},
"product_reference": "syslog-ng-geoip-3.8.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-geoip-3.8.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.ppc64le"
},
"product_reference": "syslog-ng-geoip-3.8.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-geoip-3.8.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.s390x"
},
"product_reference": "syslog-ng-geoip-3.8.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-geoip-3.8.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.x86_64"
},
"product_reference": "syslog-ng-geoip-3.8.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-java-3.8.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.aarch64"
},
"product_reference": "syslog-ng-java-3.8.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-java-3.8.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.ppc64le"
},
"product_reference": "syslog-ng-java-3.8.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-java-3.8.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.s390x"
},
"product_reference": "syslog-ng-java-3.8.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-java-3.8.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.x86_64"
},
"product_reference": "syslog-ng-java-3.8.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-python-3.8.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.aarch64"
},
"product_reference": "syslog-ng-python-3.8.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-python-3.8.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.ppc64le"
},
"product_reference": "syslog-ng-python-3.8.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-python-3.8.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.s390x"
},
"product_reference": "syslog-ng-python-3.8.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-python-3.8.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.x86_64"
},
"product_reference": "syslog-ng-python-3.8.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-redis-3.8.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.aarch64"
},
"product_reference": "syslog-ng-redis-3.8.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-redis-3.8.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.ppc64le"
},
"product_reference": "syslog-ng-redis-3.8.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-redis-3.8.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.s390x"
},
"product_reference": "syslog-ng-redis-3.8.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-redis-3.8.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.x86_64"
},
"product_reference": "syslog-ng-redis-3.8.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-smtp-3.8.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.aarch64"
},
"product_reference": "syslog-ng-smtp-3.8.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-smtp-3.8.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.ppc64le"
},
"product_reference": "syslog-ng-smtp-3.8.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-smtp-3.8.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.s390x"
},
"product_reference": "syslog-ng-smtp-3.8.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-smtp-3.8.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.x86_64"
},
"product_reference": "syslog-ng-smtp-3.8.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-sql-3.8.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.aarch64"
},
"product_reference": "syslog-ng-sql-3.8.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-sql-3.8.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.ppc64le"
},
"product_reference": "syslog-ng-sql-3.8.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-sql-3.8.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.s390x"
},
"product_reference": "syslog-ng-sql-3.8.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syslog-ng-sql-3.8.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.x86_64"
},
"product_reference": "syslog-ng-sql-3.8.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-0343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-0343"
}
],
"notes": [
{
"category": "general",
"text": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-0343",
"url": "https://www.suse.com/security/cve/CVE-2011-0343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-0343"
},
{
"cve": "CVE-2011-1951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-1951"
}
],
"notes": [
{
"category": "general",
"text": "lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-1951",
"url": "https://www.suse.com/security/cve/CVE-2011-1951"
},
{
"category": "external",
"summary": "SUSE Bug 697374 for CVE-2011-1951",
"url": "https://bugzilla.suse.com/697374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-curl-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-devel-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-geoip-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-java-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-python-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-redis-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-smtp-3.8.1-2.2.x86_64",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.aarch64",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.ppc64le",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.s390x",
"openSUSE Tumbleweed:syslog-ng-sql-3.8.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-1951"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…