FKIE_CVE-2008-5617

Vulnerability from fkie_nvd - Published: 2008-12-17 02:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
References
cve@mitre.orghttp://secunia.com/advisories/32857Vendor Advisory
cve@mitre.orghttp://www.rsyslog.com/Article322.phtmlPatch, Vendor Advisory
cve@mitre.orghttp://www.rsyslog.com/Article327.phtml
cve@mitre.orghttp://www.rsyslog.com/Topic4.phtml
cve@mitre.orghttp://www.securityfocus.com/bid/32630
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/47080
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32857Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.rsyslog.com/Article322.phtmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.rsyslog.com/Article327.phtml
af854a3a-2127-422b-91ae-364da2661108http://www.rsyslog.com/Topic4.phtml
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32630
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/47080
Impacted products
Vendor Product Version
rsyslog rsyslog 3.12.1
rsyslog rsyslog 3.12.2
rsyslog rsyslog 3.12.3
rsyslog rsyslog 3.12.4
rsyslog rsyslog 3.12.5
rsyslog rsyslog 3.13.0
rsyslog rsyslog 3.15.0
rsyslog rsyslog 3.15.1
rsyslog rsyslog 3.17.0
rsyslog rsyslog 3.17.1
rsyslog rsyslog 3.17.4
rsyslog rsyslog 3.17.5
rsyslog rsyslog 3.19.0
rsyslog rsyslog 3.19.1
rsyslog rsyslog 3.19.2
rsyslog rsyslog 3.19.3
rsyslog rsyslog 3.19.4
rsyslog rsyslog 3.19.5
rsyslog rsyslog 3.19.6
rsyslog rsyslog 3.19.7
rsyslog rsyslog 3.19.8
rsyslog rsyslog 3.19.9
rsyslog rsyslog 3.19.10
rsyslog rsyslog 3.19.11
rsyslog rsyslog 3.19.12
rsyslog rsyslog 3.20.0
rsyslog rsyslog 4.1.0
rsyslog rsyslog 4.1.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BF4CB5-5DBF-4D3F-BB71-EAA44A433D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB62852-2AB0-4DD8-8742-8852E35680BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CD4DC0-12FC-49C5-B2A0-2934ADFEC45C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F8C757-DC7C-4611-BFB3-E2D909EBAFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4268BBF-CEFE-4DC0-A540-20BDA4F61BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2ADEB3C-EC09-404B-B301-CF67106EC98C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE774463-3916-4BF5-A8C5-796CD1FD4AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "ECAECD24-A1B6-4B51-93D4-64CCEEDEB5CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9185C1-A2A4-490B-B054-DE337D4BBAF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0831F7D3-6E65-4D92-8295-64F0649EDA2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "D9EBE646-1515-4E30-8D6B-B5320A07F798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.5:beta:*:*:*:*:*:*",
              "matchCriteriaId": "12E5FB1C-08E9-4597-B729-9E9D7C7BBC5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA49F2C-F679-4CB6-912F-E1C8F23C3E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EE3C64E-1596-4AF8-A335-0BDDC9A47C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C016F6A1-83BF-4ED7-B811-44DB7B19B60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3A2E1E-7492-486A-916F-B9DDD0E2810C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDE04C46-348E-4772-BDFC-7A43399741E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C49996-20B7-4763-AA6A-92EFDA69CF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "947E1B5B-E1F7-4770-9163-E8583F631810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "89608E18-768A-4EA1-BEC2-05DEA93C85AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64A837C-553D-433A-9904-FAE91B897DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5907B692-CCD4-40E8-B5FC-E0606996F044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C6D691-8ACB-497C-B90B-CAEDE54965B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C042D96-9BB4-40F5-B752-0F1DE06BA458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA326A8D-069A-4C60-B1E8-D83CD2E70DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47275436-0B5A-4BC6-A3F6-2232BF8D36D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "841185A1-0CD7-4965-A40A-45836037B910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB0A79C-E420-468E-9388-5E19EA54EA89",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages."
    },
    {
      "lang": "es",
      "value": "El manejador ACL de rsyslog v3.12.1 hasta v3.20.0, v4.1.0 y v4.1.1, no sigue la directiva $AllowSender, lo que permite a atacantes remotos evitar las restricciones de acceso pretendidas y falsear los mensajes de registro (log) o crear un gran n\u00famero de mensajes falsos."
    }
  ],
  "id": "CVE-2008-5617",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-17T02:30:00.203",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32857"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rsyslog.com/Article322.phtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.rsyslog.com/Article327.phtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.rsyslog.com/Topic4.phtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32630"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.rsyslog.com/Article322.phtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.rsyslog.com/Article327.phtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.rsyslog.com/Topic4.phtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.",
      "lastModified": "2008-12-17T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.