FreeBSD : syslog-ng2 -- startup directory leakage in the chroot environment (75f2382e-b586-11dd-95f9-00e0815b8da8)

high Nessus Plugin ID 34816

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Florian Grandel reports:

I have not had the time to analyze all of the syslog-ng code. But by reading the code section near the chroot call and looking at strace results, I believe that syslog-ng does not chdir to the chroot jail's location before chrooting into it.

This opens up ways to work around the chroot jail.

Solution

Update the affected packages.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791

https://www.openwall.com/lists/oss-security/2008/11/17/3

http://www.nessus.org/u?fb058b0d

Plugin Details

Severity: High

ID: 34816

File Name: freebsd_pkg_75f2382eb58611dd95f900e0815b8da8.nasl

Version: 1.17

Type: local

Published: 11/19/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:syslog-ng, p-cpe:/a:freebsd:freebsd:syslog-ng2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/18/2008

Vulnerability Publication Date: 11/15/2008

Reference Information

CVE: CVE-2008-5110

CWE: 264