ID CVE-2008-5618
Summary imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.
References
Vulnerable Configurations
  • cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-12-2008 - 05:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm http://www.rsyslog.com/Topic4.phtml
statements via4
contributor Tomas Hoger
lastmodified 2008-12-17
organization Red Hat
statement Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.
Last major update 17-12-2008 - 05:00
Published 17-12-2008 - 02:30
Back to Top