Description
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
Statement
This issue affects the versions of rsyslog as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Additionally, a workaround is available (https://bugzilla.redhat.com/show_bug.cgi?id=1232826#c3).
Mitigation
Add the directive "create 0600 root root" to the /etc/logrotate.d/syslog file; this ensures that the log file is created with these permissions when logrotate runs. It is also recommended that users manually set the permissions on existing or newly installed log files in order to prevent access by untrusted users.
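One way to verify both halves of this mitigation on a host, as an added example that is not part of the original advisory. The function names are hypothetical, and the directive check is a simplification: it accepts any owner-only mode and looks at the whole file rather than a single logrotate stanza.

```shell
#!/bin/sh
# Added example: audit a logrotate config and log files for the mitigation above.
# Function names are hypothetical; they are not part of rsyslog or logrotate.

# has_strict_create FILE
# Succeeds if FILE has an uncommented "create" directive whose mode grants
# nothing to group or other (for example "create 0600 root root").
has_strict_create() {
    awk '
        /^[ \t]*#/ { next }                                  # skip comments
        $1 == "create" && $2 ~ /^0?[0-7]00$/ { found = 1 }   # owner-only mode
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# loose_logs FILE...
# Prints every existing regular file that is readable by group or other.
loose_logs() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        find "$f" -type f \( -perm -040 -o -perm -004 \) -print
    done
}

# audit CONF LOGFILE...
# Reports findings and returns non-zero if either check fails.
audit() {
    conf=$1; shift
    rc=0
    has_strict_create "$conf" || { echo "no strict create directive: $conf"; rc=1; }
    loose=$(loose_logs "$@")
    [ -z "$loose" ] || { echo "readable by group/other:"; echo "$loose"; rc=1; }
    return $rc
}

# Usage: sh audit.sh /etc/logrotate.d/syslog /var/log/cron
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

Files reported by `loose_logs` are the existing logs that still need their permissions set manually, since the `create` directive only takes effect when logrotate next creates the file.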
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | rsyslog | Not affected | | |
| Red Hat Enterprise Linux 6 | rsyslog | Not affected | | |
| Red Hat Enterprise Linux 7 | rsyslog | Affected | | |
| Red Hat Storage 2.1 | rsyslog | Affected | | |
Additional information
Status:
EPSS
CVSS2: 2.1 Low