Vulnerability Details : CVE-2008-5617

The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.

Published 2008-12-17 02:30:00

Updated 2017-08-08 01:33:25

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-5617

Probability of exploitation activity in the next 30 days: 1.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5617

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
8.5	HIGH	AV:N/AC:L/Au:N/C:N/I:P/A:C	10.0	7.8	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Complete

CWE ids for CVE-2008-5617

CWE-264

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-5617

Red Hat 2008-12-17

Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.

References for CVE-2008-5617

Products affected by CVE-2008-5617

Rsyslog » Rsyslog » Version: 4.1.1
cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.9
cpe:2.3:a:rsyslog:rsyslog:3.19.9:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.17.5 Update Beta
cpe:2.3:a:rsyslog:rsyslog:3.17.5:beta:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.3
cpe:2.3:a:rsyslog:rsyslog:3.19.3:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.2
cpe:2.3:a:rsyslog:rsyslog:3.19.2:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.12.5
cpe:2.3:a:rsyslog:rsyslog:3.12.5:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.12.4
cpe:2.3:a:rsyslog:rsyslog:3.12.4:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 4.1.0
cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.20.0
cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.17.4 Update Beta
cpe:2.3:a:rsyslog:rsyslog:3.17.4:beta:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.8
cpe:2.3:a:rsyslog:rsyslog:3.19.8:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.1
cpe:2.3:a:rsyslog:rsyslog:3.19.1:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.0
cpe:2.3:a:rsyslog:rsyslog:3.19.0:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.12.3
cpe:2.3:a:rsyslog:rsyslog:3.12.3:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.12.2
cpe:2.3:a:rsyslog:rsyslog:3.12.2:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.12.1
cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.12
cpe:2.3:a:rsyslog:rsyslog:3.19.12:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.7
cpe:2.3:a:rsyslog:rsyslog:3.19.7:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.6
cpe:2.3:a:rsyslog:rsyslog:3.19.6:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.17.1
cpe:2.3:a:rsyslog:rsyslog:3.17.1:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.15.1 Update Beta
cpe:2.3:a:rsyslog:rsyslog:3.15.1:beta:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.17.0
cpe:2.3:a:rsyslog:rsyslog:3.17.0:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.11
cpe:2.3:a:rsyslog:rsyslog:3.19.11:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.10
cpe:2.3:a:rsyslog:rsyslog:3.19.10:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.5
cpe:2.3:a:rsyslog:rsyslog:3.19.5:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.19.4
cpe:2.3:a:rsyslog:rsyslog:3.19.4:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.15.0
cpe:2.3:a:rsyslog:rsyslog:3.15.0:*:*:*:*:*:*:*
Matching versions
Rsyslog » Rsyslog » Version: 3.13.0
cpe:2.3:a:rsyslog:rsyslog:3.13.0:*:*:*:*:*:*:*
Matching versions