FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5110

This CVE name corresponds to:

Entered Topic
2008-11-18 syslog-ng2 -- startup directory leakage in the chroot environment

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-5110 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-5110
Phase Assigned(20081117)

Description

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present.

References

Source Reference
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
MLIST [oss-security] 20081117 CVE Request (syslog-ng)
GENTOO GLSA-200907-10
HP HPSBMA02554
HP SSRT100018
SECUNIA 35748
SECUNIA 40551
VUPEN ADV-2010-1796

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.