← Back

CVE-2008-5617

nvd nist
Published: Dec 17, 2008Modified: Apr 23, 2026

JSON object

Loading...
8.5
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:C
Exploitability: 10.0 / Impact: 7.8
Source: NVD

Description

The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.

Affected (28)

Products: Rsyslog: Rsyslog
Rsyslog
1 product
Rsyslog
Configuration A
28 vulnerable
Vulnerable SoftwareAffected Versions
Rsyslog
Rsyslog
Version 3.12.1
Rsyslog
Version 3.12.2
Rsyslog
Version 3.12.3
Rsyslog
Version 3.12.4
Rsyslog
Version 3.12.5
Rsyslog
Version 3.13.0
Rsyslog
Version 3.15.0
Rsyslog
Version 3.15.1 beta
Rsyslog
Version 3.17.0
Rsyslog
Version 3.17.1
Rsyslog
Version 3.17.4 beta
Rsyslog
Version 3.17.5 beta
Rsyslog
Version 3.19.0
Rsyslog
Version 3.19.10
Rsyslog
Version 3.19.11
Rsyslog
Version 3.19.12
Rsyslog
Version 3.19.1
Rsyslog
Version 3.19.2
Rsyslog
Version 3.19.3
Rsyslog
Version 3.19.4
Rsyslog
Version 3.19.5
Rsyslog
Version 3.19.6
Rsyslog
Version 3.19.7
Rsyslog
Version 3.19.8
Rsyslog
Version 3.19.9
Rsyslog
Version 3.20.0
Rsyslog
Version 4.1.0
Rsyslog
Version 4.1.1

Related CWEs

CWE-264
CWE-264

References (12)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.