CVE-2008-5617

{"id": "CVE-2008-5617", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-12-17T02:30:00.203", "references": [{"url": "http://secunia.com/advisories/32857", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.rsyslog.com/Article322.phtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.rsyslog.com/Article327.phtml", "source": "cve@mitre.org"}, {"url": "http://www.rsyslog.com/Topic4.phtml", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32630", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32857", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.rsyslog.com/Article322.phtml", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.rsyslog.com/Article327.phtml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.rsyslog.com/Topic4.phtml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32630", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages."}, {"lang": "es", "value": "El manejador ACL de rsyslog v3.12.1 hasta v3.20.0, v4.1.0 y v4.1.1, no sigue la directiva $AllowSender, lo que permite a atacantes remotos evitar las restricciones de acceso pretendidas y falsear los mensajes de registro (log) o crear un gran n\u00famero de mensajes falsos."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89BF4CB5-5DBF-4D3F-BB71-EAA44A433D9A"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFB62852-2AB0-4DD8-8742-8852E35680BA"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1CD4DC0-12FC-49C5-B2A0-2934ADFEC45C"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4F8C757-DC7C-4611-BFB3-E2D909EBAFA2"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4268BBF-CEFE-4DC0-A540-20BDA4F61BD8"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2ADEB3C-EC09-404B-B301-CF67106EC98C"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE774463-3916-4BF5-A8C5-796CD1FD4AFE"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECAECD24-A1B6-4B51-93D4-64CCEEDEB5CC"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E9185C1-A2A4-490B-B054-DE337D4BBAF3"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0831F7D3-6E65-4D92-8295-64F0649EDA2F"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.4:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9EBE646-1515-4E30-8D6B-B5320A07F798"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.5:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12E5FB1C-08E9-4597-B729-9E9D7C7BBC5A"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDA49F2C-F679-4CB6-912F-E1C8F23C3E9D"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EE3C64E-1596-4AF8-A335-0BDDC9A47C66"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C016F6A1-83BF-4ED7-B811-44DB7B19B60F"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A3A2E1E-7492-486A-916F-B9DDD0E2810C"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDE04C46-348E-4772-BDFC-7A43399741E0"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37C49996-20B7-4763-AA6A-92EFDA69CF6B"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "947E1B5B-E1F7-4770-9163-E8583F631810"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89608E18-768A-4EA1-BEC2-05DEA93C85AD"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B64A837C-553D-433A-9904-FAE91B897DD1"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5907B692-CCD4-40E8-B5FC-E0606996F044"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90C6D691-8ACB-497C-B90B-CAEDE54965B3"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C042D96-9BB4-40F5-B752-0F1DE06BA458"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA326A8D-069A-4C60-B1E8-D83CD2E70DAD"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47275436-0B5A-4BC6-A3F6-2232BF8D36D4"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "841185A1-0CD7-4965-A40A-45836037B910"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AB0A79C-E420-468E-9388-5E19EA54EA89"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.", "lastModified": "2008-12-17T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}