CVE-2008-5617
Published Dec 17, 2008
Last updated 7 years ago
Overview
- Description
- The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 8.5
- Impact score
- 7.8
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Vendor comments
- Red HatNot vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89BF4CB5-5DBF-4D3F-BB71-EAA44A433D9A"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFB62852-2AB0-4DD8-8742-8852E35680BA"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1CD4DC0-12FC-49C5-B2A0-2934ADFEC45C"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4F8C757-DC7C-4611-BFB3-E2D909EBAFA2"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4268BBF-CEFE-4DC0-A540-20BDA4F61BD8"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2ADEB3C-EC09-404B-B301-CF67106EC98C"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE774463-3916-4BF5-A8C5-796CD1FD4AFE"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.1:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECAECD24-A1B6-4B51-93D4-64CCEEDEB5CC"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E9185C1-A2A4-490B-B054-DE337D4BBAF3"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0831F7D3-6E65-4D92-8295-64F0649EDA2F"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.4:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9EBE646-1515-4E30-8D6B-B5320A07F798"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.5:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12E5FB1C-08E9-4597-B729-9E9D7C7BBC5A"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDA49F2C-F679-4CB6-912F-E1C8F23C3E9D"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EE3C64E-1596-4AF8-A335-0BDDC9A47C66"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C016F6A1-83BF-4ED7-B811-44DB7B19B60F"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A3A2E1E-7492-486A-916F-B9DDD0E2810C"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDE04C46-348E-4772-BDFC-7A43399741E0"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37C49996-20B7-4763-AA6A-92EFDA69CF6B"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "947E1B5B-E1F7-4770-9163-E8583F631810"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89608E18-768A-4EA1-BEC2-05DEA93C85AD"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B64A837C-553D-433A-9904-FAE91B897DD1"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5907B692-CCD4-40E8-B5FC-E0606996F044"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90C6D691-8ACB-497C-B90B-CAEDE54965B3"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C042D96-9BB4-40F5-B752-0F1DE06BA458"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA326A8D-069A-4C60-B1E8-D83CD2E70DAD"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47275436-0B5A-4BC6-A3F6-2232BF8D36D4"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "841185A1-0CD7-4965-A40A-45836037B910"
},
{
"criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AB0A79C-E420-468E-9388-5E19EA54EA89"
}
],
"operator": "OR"
}
]
}
]