Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo Linux: GLSA-200907-10 Low Risk Chroot Escape in Syslog-ng

gentoo
Calendar Grey July 12, 2009
Dist Gentoo Esm H88
CVE-2009-1234 relates to a syslog-ng vulnerability on Gentoo, noted as GLSA 200907-10, that may allow unauthorized chroot escape access. Update now for enhanced security
Syslog-ng does not properly initialize its chroot jail allowing for an escape if a separate vulnerability in Syslog-ng is exploited.

Summary

Gentoo Linux Security Advisory GLSA 200907-10 https://security.gentoo.org/ Severity: Low Title: Syslog-ng: Chroot escape Date: July 12, 2009 Bugs: #247278 ID: 200907-10

Synopsis ======= Syslog-ng does not properly initialize its chroot jail allowing for an escape if a separate vulnerability in Syslog-ng is exploited.
Background ========= Syslog-ng is a flexible and scalable system logger.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/syslog-ng < 2.1.3 *>= 2.0.10 >= 2.1.3
========== Florian Grandel reported that Syslog-ng does not call chdir() before chroot() which leads to an inherited...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo local exploit low severity chroot escape syslog-ng

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
low
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory gentoo local exploit low severity chroot escape syslog-ng

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here