Lucene search
HistoryDec 17, 2008 - 2:30 a.m.
CVE-2008-5617
acl
rsyslog
access restrictions
spoof
cve-2008-5617
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:P/A:C
6.3 Medium
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
85.9%
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
Affected configurations
Node
rsyslogrsyslogMatch3.12.1
ORrsyslogrsyslogMatch3.12.2
ORrsyslogrsyslogMatch3.12.3
ORrsyslogrsyslogMatch3.12.4
ORrsyslogrsyslogMatch3.12.5
ORrsyslogrsyslogMatch3.13.0
ORrsyslogrsyslogMatch3.15.0
ORrsyslogrsyslogMatch3.15.1beta
ORrsyslogrsyslogMatch3.17.0
ORrsyslogrsyslogMatch3.17.1
ORrsyslogrsyslogMatch3.17.4beta
ORrsyslogrsyslogMatch3.17.5beta
ORrsyslogrsyslogMatch3.19.0
ORrsyslogrsyslogMatch3.19.1
ORrsyslogrsyslogMatch3.19.2
ORrsyslogrsyslogMatch3.19.3
ORrsyslogrsyslogMatch3.19.4
ORrsyslogrsyslogMatch3.19.5
ORrsyslogrsyslogMatch3.19.6
ORrsyslogrsyslogMatch3.19.7
ORrsyslogrsyslogMatch3.19.8
ORrsyslogrsyslogMatch3.19.9
ORrsyslogrsyslogMatch3.19.10
ORrsyslogrsyslogMatch3.19.11
ORrsyslogrsyslogMatch3.19.12
ORrsyslogrsyslogMatch3.20.0
ORrsyslogrsyslogMatch4.1.0
ORrsyslogrsyslogMatch4.1.1
Related
ubuntucve
ubuntucve
CVE-2008-5617
2008-12-17 00:00:00
cvelist
cvelist
CVE-2008-5617
2008-12-17 02:00:00
debiancve
debiancve
CVE-2008-5617
2008-12-17 02:30:00
prion
prion
Design/Logic Flaw
2008-12-17 02:30:00
redhatcve
redhatcve
CVE-2008-5617
2015-10-30 10:02:52
nvd
nvd
CVE-2008-5617
2008-12-17 02:30:00
openvas
openvas
Fedora Update for rsyslog FEDORA-2008-11538
2009-02-13 00:00:00
Fedora Update for rsyslog FEDORA-2008-11476
2009-02-13 00:00:00
Fedora Update for rsyslog FEDORA-2008-11538
2009-02-13 00:00:00
nessus
nessus
Fedora 9 : rsyslog-3.20.2-2.fc9 (2008-11538)
2008-12-21 00:00:00
Fedora 10 : rsyslog-3.21.9-1.fc10 (2008-11476)
2009-04-23 00:00:00
openSUSE Security Update : rsyslog (rsyslog-367)
2009-07-21 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: rsyslog-3.21.9-1.fc10
2008-12-21 08:44:59
[SECURITY] Fedora 9 Update: rsyslog-3.20.2-2.fc9
2008-12-21 08:38:23
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:P/A:C
6.3 Medium
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
85.9%
Related for CVE-2008-5617