Vigil@nce - rsyslog: log file reading
July 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read the log files created by rsyslog, in order to
obtain sensitive information.
Impacted products: RHEL, Unix (platform)
Severity: 1/4
Creation date: 19/06/2015
DESCRIPTION OF THE VULNERABILITY
The rsyslog product collect and records some system events.
However, it creates its log file with too permissive permissions:
they are created word readable. This applies notably to cron log,
which includes the whole job command line, which may include
credentials.
An attacker can therefore read the log files created by rsyslog,
in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/rsyslog-log-file-reading-17173