CVE-2013-0345 in varnish
Summary
by MITRE
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information.
Analysis
by VulDB Data Team • 03/21/2022
The vulnerability identified as CVE-2013-0345 affects Varnish Cache version 3.0.3 and represents a significant information disclosure issue stemming from improper file system permissions. This flaw manifests in the configuration of the /var/log/varnish/ directory and its constituent log files, which are inadvertently set with world-readable permissions. The root cause lies in the default installation and configuration practices of Varnish Cache, where the logging subsystem does not properly enforce restrictive access controls on sensitive operational data.
Technically, the issue sits in the Unix file permission model: the log directory and files are created with permissions that allow read access to all users on the system. This misconfiguration enables any local user to access the log files without authentication or authorization, potentially exposing sensitive data such as HTTP headers, request parameters, user agent strings, and other operational information that may contain personally identifiable information or business-critical data. The flaw directly violates the security principle of least privilege and demonstrates poor privilege separation in the logging infrastructure.
From an operational perspective, this vulnerability creates a persistent risk for systems running Varnish Cache 3.0.3, as local attackers can systematically harvest sensitive information from the log files. The impact extends beyond simple information disclosure since these logs may contain session identifiers, authentication tokens, or other data that could be leveraged for further attacks. The vulnerability affects systems where Varnish is deployed in environments with multiple local users or where privilege escalation attacks are possible, as the information gathered from logs could provide attackers with insights to compromise other system components.
This vulnerability aligns with CWE-732: Incorrect Permission Assignment for Critical Resource and maps to ATT&CK technique T1005: Data from Local System. The flaw represents a configuration management failure where security controls are not properly implemented during software installation. Organizations using Varnish Cache are particularly vulnerable when the software is installed with default configurations, as the logging system inherits these insecure defaults without proper security hardening. The issue also demonstrates how logging infrastructure can become an attack surface when proper access controls are not enforced, particularly in multi-user environments where separation of privileges is essential.
The recommended mitigations include immediate permission adjustments to restrict access to the /var/log/varnish/ directory and its contents, typically by setting restrictive permissions such as 700 for the directory and 600 for the log files. System administrators should also implement proper log rotation policies with appropriate access controls, configure the Varnish Cache service to run with minimal required privileges, and conduct regular security audits of file system permissions. Additionally, organizations should consider implementing automated monitoring solutions to detect unauthorized access attempts to sensitive log files and ensure that security configurations are consistently applied across all Varnish Cache installations.
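
The permission audit and fix described above, as an added example in POSIX shell (not part of this entry and not Varnish's own tooling). The function names `audit_log_perms` and `harden_log_perms` and the throwaway sample tree are constructed for illustration; the default path is the one named in the summary.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a Varnish log directory.
# Default path is the one named in the advisory; pass another as $1.

# Print every entry under DIR that grants any permission to "other".
# Returns 0 when the tree is clean, 1 when at least one entry is exposed.
audit_log_perms() {
    dir=${1:-/var/log/varnish}
    # -perm -NNN is POSIX: true when all of the listed bits are set.
    # Symlinks are skipped because their own mode bits are not enforced.
    exposed=$(find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# Apply the modes from the mitigation: 700 on directories, 600 on files.
# Assumption: the account that writes the logs already owns them, so
# ownership is left untouched.
harden_log_perms() {
    dir=${1:-/var/log/varnish}
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}

# Constructed demonstration on a throwaway tree, not a real Varnish install.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/varnish"
    : > "$tmp/varnish/sample.log"
    chmod 755 "$tmp/varnish"          # world-readable, as in the advisory
    chmod 644 "$tmp/varnish/sample.log"
    echo "before:"; audit_log_perms "$tmp/varnish" || echo "-> exposed"
    harden_log_perms "$tmp/varnish"
    echo "after:";  audit_log_perms "$tmp/varnish" && echo "-> clean"
    rm -rf "$tmp"
}
demo
```

If logrotate manages the directory, its `create` directive should name the same mode, otherwise rotated files are recreated with whatever mode the rotation configuration specifies.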