CVE-2008-5617

The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
Configurations

Configuration 1

cpe:2.3:a:rsyslog:rsyslog:3.19.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.12.2:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.17.4:beta:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.13.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.9:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.12.4:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.8:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.12:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.11:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.17.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.6:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.10:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.17.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.7:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.12.3:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.15.1:beta:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.3:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.12.5:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.2:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.15.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.17.5:beta:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.5:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:3.19.4:*:*:*:*:*:*:*

Information

Published : 2008-12-17 02:30

Updated : 2017-08-08 01:33


NVD link : CVE-2008-5617

Mitre link : CVE-2008-5617

Products Affected
No products.
CWE