FreeBSD : syslog-ng2 -- startup directory leakage in the chroot environment (75f2382e-b586-11dd-95f9-00e0815b8da8)

High Nessus Plugin ID 34816


The remote FreeBSD host is missing one or more security-related updates.


Florian Grandel reports:

I have not had the time to analyze all of the syslog-ng code. But by reading the code section near the chroot call and looking at strace results, I believe that syslog-ng does not chdir to the chroot jail's location before chrooting into it.

This opens up ways to work around the chroot jail.


Update the affected packages.

Plugin Details

Severity: High

ID: 34816

File Name: freebsd_pkg_75f2382eb58611dd95f900e0815b8da8.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2008/11/19

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:syslog-ng, p-cpe:/a:freebsd:freebsd:syslog-ng2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2008/11/18

Vulnerability Publication Date: 2008/11/15

Reference Information

CVE: CVE-2008-5110

CWE: 264