FreeBSD : syslog-ng2 -- startup directory leakage in the chroot environment (75f2382e-b586-11dd-95f9-00e0815b8da8)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Florian Grandel reports :

I have not had the time to analyze all of syslog-ng code. But by
reading the code section near the chroot call and looking at strace
results I believe that syslog-ng does not chdir to the chroot jail's
location before chrooting into it.

This opens up ways to work around the chroot jail.
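The ordering the report says is missing, shown as an added example (this is not syslog-ng's code or its patch): change into the jail directory before calling chroot(), reset the working directory to the new root, then verify that no directory outside the root is still held. The names enter_jail and cwd_within_root and the JAIL_* return codes are hypothetical.

```c
#define _DEFAULT_SOURCE            /* exposes chroot() in glibc's <unistd.h> */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum { JAIL_OK = 0, JAIL_ERR_CHDIR = -1, JAIL_ERR_CHROOT = -2, JAIL_ERR_LEAK = -3 };

/* Returns 1 if the working directory lies under the process root, 0 if it is
 * outside it (the leaked startup directory), -1 on error. Climbs ".." by path
 * only, so the working directory itself is never changed. */
int cwd_within_root(void)
{
    struct stat root, cur, up;
    char path[4096] = ".";
    size_t len = 1;
    if (stat("/", &root) != 0 || stat(path, &cur) != 0)
        return -1;
    for (;;) {
        if (cur.st_dev == root.st_dev && cur.st_ino == root.st_ino)
            return 1;                       /* reached the process root */
        if (len + 4 > sizeof path)
            return -1;                      /* path buffer exhausted */
        len += (size_t)snprintf(path + len, sizeof path - len, "/..");
        if (stat(path, &up) != 0)
            return -1;
        if (up.st_dev == cur.st_dev && up.st_ino == cur.st_ino)
            return 0;                       /* hit a top that is not our root */
        cur = up;
    }
}

/* chdir() into the jail, chroot(".") there, then chdir("/") inside it. */
int enter_jail(const char *dir)
{
    if (chdir(dir) != 0)
        return JAIL_ERR_CHDIR;
    if (chroot(".") != 0)
        return JAIL_ERR_CHROOT;             /* EPERM unless privileged */
    if (chdir("/") != 0)
        return JAIL_ERR_CHDIR;
    return cwd_within_root() == 1 ? JAIL_OK : JAIL_ERR_LEAK;
}

int main(int argc, char **argv)
{
    int rc = enter_jail(argc > 1 ? argv[1] : ".");
    printf("enter_jail: %d, cwd_within_root: %d\n", rc, cwd_within_root());
    return rc == JAIL_OK ? 0 : 1;
}
```

Run as root with a jail directory as the argument; without privilege chroot() is refused and enter_jail returns JAIL_ERR_CHROOT.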

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
http://www.openwall.com/lists/oss-security/2008/11/17/3
http://www.nessus.org/u?081e9823

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34816 (freebsd_pkg_75f2382eb58611dd95f900e0815b8da8.nasl)

Bugtraq ID:

CVE ID: CVE-2008-5110
