CVE-2015-3243

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
rsyslogrsyslog
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rsyslog
bullseye (security)
unimportant
bullseye
unimportant
bookworm
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsyslog
vivid
not-affected
utopic
not-affected
trusty
not-affected
precise
not-affected
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/06/18/12
http://www.openwall.com/lists/oss-security/2015/06/20/3
http://www.securityfocus.com/bid/75298
http://www.securitytracker.com/id/1032885
https://bugzilla.redhat.com/show_bug.cgi?id=1232826
http://www.openwall.com/lists/oss-security/2015/06/18/12
http://www.openwall.com/lists/oss-security/2015/06/20/3
http://www.securityfocus.com/bid/75298
http://www.securitytracker.com/id/1032885
https://bugzilla.redhat.com/show_bug.cgi?id=1232826