This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Florian Grandel reports :
I have not had the time to analyze all of syslog-ng code. But by
reading the code section near the chroot call and looking at strace
results I believe that syslog-ng does not chdir to the chroot jail's
location before chrooting into it.
This opens up ways to work around the chroot jail.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3