CVE-2015-3243
Published: 25 July 2017
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
Notes
Author | Note |
---|---|
sbeattie | redhat was configured to create /var/log/cron mode 644 in ubuntu, cron goes to /var/log/syslog, which is 640 with group access being granted to the 'adm' group. |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |