CVE-2015-3243

EUVD-2015-3298
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
rsyslogrsyslog
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rsyslog
bookworm
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsyslog
precise
not-affected
trusty
not-affected
utopic
not-affected
vivid
not-affected
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/06/18/12
http://www.openwall.com/lists/oss-security/2015/06/20/3
http://www.securityfocus.com/bid/75298
http://www.securitytracker.com/id/1032885
https://bugzilla.redhat.com/show_bug.cgi?id=1232826
http://www.openwall.com/lists/oss-security/2015/06/18/12
http://www.openwall.com/lists/oss-security/2015/06/20/3
http://www.securityfocus.com/bid/75298
http://www.securitytracker.com/id/1032885
https://bugzilla.redhat.com/show_bug.cgi?id=1232826