fkie_nvd - fkie_cve-2008-5617

fkie_cve-2008-5617

Vulnerability from fkie_nvd

Published

2008-12-17 02:30

Modified

2025-04-09 00:30

Severity ?

Summary

The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/32857	Vendor Advisory
cve@mitre.org	http://www.rsyslog.com/Article322.phtml	Patch, Vendor Advisory
cve@mitre.org	http://www.rsyslog.com/Article327.phtml
cve@mitre.org	http://www.rsyslog.com/Topic4.phtml
cve@mitre.org	http://www.securityfocus.com/bid/32630
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/47080
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32857	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.rsyslog.com/Article322.phtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.rsyslog.com/Article327.phtml
af854a3a-2127-422b-91ae-364da2661108	http://www.rsyslog.com/Topic4.phtml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32630
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/47080

Impacted products

Vendor	Product	Version
rsyslog	rsyslog	3.12.1
rsyslog	rsyslog	3.12.2
rsyslog	rsyslog	3.12.3
rsyslog	rsyslog	3.12.4
rsyslog	rsyslog	3.12.5
rsyslog	rsyslog	3.13.0
rsyslog	rsyslog	3.15.0
rsyslog	rsyslog	3.15.1
rsyslog	rsyslog	3.17.0
rsyslog	rsyslog	3.17.1
rsyslog	rsyslog	3.17.4
rsyslog	rsyslog	3.17.5
rsyslog	rsyslog	3.19.0
rsyslog	rsyslog	3.19.1
rsyslog	rsyslog	3.19.2
rsyslog	rsyslog	3.19.3
rsyslog	rsyslog	3.19.4
rsyslog	rsyslog	3.19.5
rsyslog	rsyslog	3.19.6
rsyslog	rsyslog	3.19.7
rsyslog	rsyslog	3.19.8
rsyslog	rsyslog	3.19.9
rsyslog	rsyslog	3.19.10
rsyslog	rsyslog	3.19.11
rsyslog	rsyslog	3.19.12
rsyslog	rsyslog	3.20.0
rsyslog	rsyslog	4.1.0
rsyslog	rsyslog	4.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BF4CB5-5DBF-4D3F-BB71-EAA44A433D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB62852-2AB0-4DD8-8742-8852E35680BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CD4DC0-12FC-49C5-B2A0-2934ADFEC45C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F8C757-DC7C-4611-BFB3-E2D909EBAFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4268BBF-CEFE-4DC0-A540-20BDA4F61BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2ADEB3C-EC09-404B-B301-CF67106EC98C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE774463-3916-4BF5-A8C5-796CD1FD4AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "ECAECD24-A1B6-4B51-93D4-64CCEEDEB5CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9185C1-A2A4-490B-B054-DE337D4BBAF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0831F7D3-6E65-4D92-8295-64F0649EDA2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "D9EBE646-1515-4E30-8D6B-B5320A07F798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.5:beta:*:*:*:*:*:*",
              "matchCriteriaId": "12E5FB1C-08E9-4597-B729-9E9D7C7BBC5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA49F2C-F679-4CB6-912F-E1C8F23C3E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EE3C64E-1596-4AF8-A335-0BDDC9A47C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C016F6A1-83BF-4ED7-B811-44DB7B19B60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3A2E1E-7492-486A-916F-B9DDD0E2810C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDE04C46-348E-4772-BDFC-7A43399741E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C49996-20B7-4763-AA6A-92EFDA69CF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "947E1B5B-E1F7-4770-9163-E8583F631810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "89608E18-768A-4EA1-BEC2-05DEA93C85AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64A837C-553D-433A-9904-FAE91B897DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5907B692-CCD4-40E8-B5FC-E0606996F044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C6D691-8ACB-497C-B90B-CAEDE54965B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C042D96-9BB4-40F5-B752-0F1DE06BA458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA326A8D-069A-4C60-B1E8-D83CD2E70DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47275436-0B5A-4BC6-A3F6-2232BF8D36D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "841185A1-0CD7-4965-A40A-45836037B910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB0A79C-E420-468E-9388-5E19EA54EA89",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages."
    },
    {
      "lang": "es",
      "value": "El manejador ACL de rsyslog v3.12.1 hasta v3.20.0, v4.1.0 y v4.1.1, no sigue la directiva $AllowSender, lo que permite a atacantes remotos evitar las restricciones de acceso pretendidas y falsear los mensajes de registro (log) o crear un gran n\u00famero de mensajes falsos."
    }
  ],
  "id": "CVE-2008-5617",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-17T02:30:00.203",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32857"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rsyslog.com/Article322.phtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.rsyslog.com/Article327.phtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.rsyslog.com/Topic4.phtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32630"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rsyslog.com/Article322.phtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.rsyslog.com/Article327.phtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.rsyslog.com/Topic4.phtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.",
      "lastModified": "2008-12-17T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-5617 (GCVE-0-2008-5617)

Vulnerability from cvelistv5

Published

2008-12-17 02:00