Vulnerability Details CVE-2008-5617
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow the $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.1%
CVSS Severity
CVSS v2 Score 8.5
Products affected by CVE-2008-5617
- cpe:2.3:a:rsyslog:rsyslog:3.12.1
- cpe:2.3:a:rsyslog:rsyslog:3.12.2
- cpe:2.3:a:rsyslog:rsyslog:3.12.3
- cpe:2.3:a:rsyslog:rsyslog:3.12.4
- cpe:2.3:a:rsyslog:rsyslog:3.12.5
- cpe:2.3:a:rsyslog:rsyslog:3.13.0
- cpe:2.3:a:rsyslog:rsyslog:3.15.0
- cpe:2.3:a:rsyslog:rsyslog:3.15.1
- cpe:2.3:a:rsyslog:rsyslog:3.17.0
- cpe:2.3:a:rsyslog:rsyslog:3.17.1
- cpe:2.3:a:rsyslog:rsyslog:3.17.4
- cpe:2.3:a:rsyslog:rsyslog:3.17.5
- cpe:2.3:a:rsyslog:rsyslog:3.19.0
- cpe:2.3:a:rsyslog:rsyslog:3.19.1
- cpe:2.3:a:rsyslog:rsyslog:3.19.10
- cpe:2.3:a:rsyslog:rsyslog:3.19.11
- cpe:2.3:a:rsyslog:rsyslog:3.19.12
- cpe:2.3:a:rsyslog:rsyslog:3.19.2
- cpe:2.3:a:rsyslog:rsyslog:3.19.3
- cpe:2.3:a:rsyslog:rsyslog:3.19.4
- cpe:2.3:a:rsyslog:rsyslog:3.19.5
- cpe:2.3:a:rsyslog:rsyslog:3.19.6
- cpe:2.3:a:rsyslog:rsyslog:3.19.7
- cpe:2.3:a:rsyslog:rsyslog:3.19.8
- cpe:2.3:a:rsyslog:rsyslog:3.19.9
- cpe:2.3:a:rsyslog:rsyslog:3.20.0
- cpe:2.3:a:rsyslog:rsyslog:4.1.0
- cpe:2.3:a:rsyslog:rsyslog:4.1.1