CVE-2015-3243
Published: 25 July 2017
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
Notes
Author | Note |
---|---|
sbeattie | redhat was configured to create /var/log/cron mode 644 in ubuntu, cron goes to /var/log/syslog, which is 640 with group access being granted to the 'adm' group. |
Priority
CVSS 3 base score: 5.5