Your submission was sent successfully! Close

CVE-2015-3243

Published: 25 July 2017

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

Notes

AuthorNote
sbeattie
redhat was configured to create /var/log/cron mode 644
in ubuntu, cron goes to /var/log/syslog, which is 640 with
group access being granted to the 'adm' group.
Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
rsyslog
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Not vulnerable

upstream Needs triage

utopic Not vulnerable

vivid Not vulnerable