DescriptionBalabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
Overall state of this security issue: Ignore
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
Note from the SUSE Security TeamThis security issue only affects FreeBSD and HP-UX, so no SUSE Linux based product is affected. No SUSE Bugzilla entries cross referenced. No SUSE Security Announcements cross referenced.
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Linux Enterprise Module for Legacy Software 12|| ||Patchnames:
SUSE Linux Enterprise Module for Legacy Software 12 GA syslog-ng
|openSUSE Tumbleweed|| ||Patchnames:
openSUSE Tumbleweed GA syslog-ng