CVE-2008-5617

Published Dec 17, 2008

Last updated 8 years ago

CVSS info 8.5

Overview

Description: The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 7.8
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Vendor comments

Red HatNot vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89BF4CB5-5DBF-4D3F-BB71-EAA44A433D9A"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFB62852-2AB0-4DD8-8742-8852E35680BA"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1CD4DC0-12FC-49C5-B2A0-2934ADFEC45C"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4F8C757-DC7C-4611-BFB3-E2D909EBAFA2"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4268BBF-CEFE-4DC0-A540-20BDA4F61BD8"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2ADEB3C-EC09-404B-B301-CF67106EC98C"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE774463-3916-4BF5-A8C5-796CD1FD4AFE"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECAECD24-A1B6-4B51-93D4-64CCEEDEB5CC"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E9185C1-A2A4-490B-B054-DE337D4BBAF3"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0831F7D3-6E65-4D92-8295-64F0649EDA2F"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.4:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9EBE646-1515-4E30-8D6B-B5320A07F798"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.5:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12E5FB1C-08E9-4597-B729-9E9D7C7BBC5A"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDA49F2C-F679-4CB6-912F-E1C8F23C3E9D"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EE3C64E-1596-4AF8-A335-0BDDC9A47C66"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C016F6A1-83BF-4ED7-B811-44DB7B19B60F"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A3A2E1E-7492-486A-916F-B9DDD0E2810C"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDE04C46-348E-4772-BDFC-7A43399741E0"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37C49996-20B7-4763-AA6A-92EFDA69CF6B"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "947E1B5B-E1F7-4770-9163-E8583F631810"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89608E18-768A-4EA1-BEC2-05DEA93C85AD"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B64A837C-553D-433A-9904-FAE91B897DD1"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5907B692-CCD4-40E8-B5FC-E0606996F044"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90C6D691-8ACB-497C-B90B-CAEDE54965B3"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C042D96-9BB4-40F5-B752-0F1DE06BA458"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA326A8D-069A-4C60-B1E8-D83CD2E70DAD"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47275436-0B5A-4BC6-A3F6-2232BF8D36D4"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "841185A1-0CD7-4965-A40A-45836037B910"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AB0A79C-E420-468E-9388-5E19EA54EA89"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References