CVE-2008-5617
First published: Wed Dec 17 2008(Updated: )
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Rsyslog | =3.19.1 | |
| Ubuntu Rsyslog | =3.12.2 | |
| Ubuntu Rsyslog | =3.17.4-beta | |
| Ubuntu Rsyslog | =3.13.0 | |
| Ubuntu Rsyslog | =3.19.9 | |
| Ubuntu Rsyslog | =3.12.4 | |
| Ubuntu Rsyslog | =3.19.8 | |
| Ubuntu Rsyslog | =4.1.1 | |
| Ubuntu Rsyslog | =3.19.12 | |
| Ubuntu Rsyslog | =3.19.11 | |
| Ubuntu Rsyslog | =3.17.1 | |
| Ubuntu Rsyslog | =3.19.6 | |
| Ubuntu Rsyslog | =3.19.10 | |
| Ubuntu Rsyslog | =3.17.0 | |
| Ubuntu Rsyslog | =3.19.7 | |
| Ubuntu Rsyslog | =3.12.3 | |
| Ubuntu Rsyslog | =3.19.0 | |
| Ubuntu Rsyslog | =4.1.0 | |
| Ubuntu Rsyslog | =3.12.1 | |
| Ubuntu Rsyslog | =3.15.1-beta | |
| Ubuntu Rsyslog | =3.19.3 | |
| Ubuntu Rsyslog | =3.12.5 | |
| Ubuntu Rsyslog | =3.19.2 | |
| Ubuntu Rsyslog | =3.15.0 | |
| Ubuntu Rsyslog | =3.17.5-beta | |
| Ubuntu Rsyslog | =3.19.5 | |
| Ubuntu Rsyslog | =3.20.0 | |
| Ubuntu Rsyslog | =3.19.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-5617?
CVE-2008-5617 has a moderate severity rating due to its ability to allow unauthorized log message spoofing.
How do I fix CVE-2008-5617?
To fix CVE-2008-5617, upgrade rsyslog to a version that is not affected, such as 4.2.0 or later.
What systems are affected by CVE-2008-5617?
CVE-2008-5617 affects rsyslog versions from 3.12.1 to 3.20.0, including versions 4.1.0 and 4.1.1.
What are the consequences of exploiting CVE-2008-5617?
Exploiting CVE-2008-5617 can lead to unauthorized log manipulations and flooding the log system with fake messages.
How can I determine if my rsyslog is vulnerable to CVE-2008-5617?
To determine if your rsyslog is vulnerable to CVE-2008-5617, check the version number against the affected versions listed in the CVE description.
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/rsyslog
- canonical/ubuntu rsyslog
- version/ubuntu rsyslog/3.19.1
- version/ubuntu rsyslog/3.12.2
- version/ubuntu rsyslog/3.17.4-beta
- version/ubuntu rsyslog/3.13.0
- version/ubuntu rsyslog/3.19.9
- version/ubuntu rsyslog/3.12.4
- version/ubuntu rsyslog/3.19.8
- version/ubuntu rsyslog/4.1.1
- version/ubuntu rsyslog/3.19.12
- version/ubuntu rsyslog/3.19.11
- version/ubuntu rsyslog/3.17.1
- version/ubuntu rsyslog/3.19.6
- version/ubuntu rsyslog/3.19.10
- version/ubuntu rsyslog/3.17.0
- version/ubuntu rsyslog/3.19.7
- version/ubuntu rsyslog/3.12.3
- version/ubuntu rsyslog/3.19.0
- version/ubuntu rsyslog/4.1.0
- version/ubuntu rsyslog/3.12.1
- version/ubuntu rsyslog/3.15.1-beta
- version/ubuntu rsyslog/3.19.3
- version/ubuntu rsyslog/3.12.5
- version/ubuntu rsyslog/3.19.2
- version/ubuntu rsyslog/3.15.0
- version/ubuntu rsyslog/3.17.5-beta
- version/ubuntu rsyslog/3.19.5
- version/ubuntu rsyslog/3.20.0
- version/ubuntu rsyslog/3.19.4