Vulnerabilities > CVE-2008-5618 - Denial-Of-Service vulnerability in RSyslog
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_1_RSYSLOG-081217.NASL description rsyslog ignored the $AllowedSender configuration directive, therefore accepting log messages from anyone (CVE-2008-5617). Additionally imudp logged a message when unauthorized senders tried to send to it, therefore allowing attackers to flood the log CVE-2008-5618). last seen 2020-06-01 modified 2020-06-02 plugin id 40304 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40304 title openSUSE Security Update : rsyslog (rsyslog-367) NASL family Fedora Local Security Checks NASL id FEDORA_2008-11538.NASL description Security fixes for CVE-2008-5617 and CVE-2008-5618, detailed in: http://www.rsyslog.com/Article322.phtml http://secunia.com/Advisories/32857/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35232 published 2008-12-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35232 title Fedora 9 : rsyslog-3.20.2-2.fc9 (2008-11538) NASL family SuSE Local Security Checks NASL id SUSE_11_1_RSYSLOG-090107.NASL description rsyslog ignored the $AllowedSender configuration directive, therefore accepting log messages from anyone (CVE-2008-5617). Additionally imudp logged a message when unauthorized senders tried to send to it, therefore allowing attackers to flood the log CVE-2008-5618). last seen 2020-06-01 modified 2020-06-02 plugin id 40305 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40305 title openSUSE Security Update : rsyslog (rsyslog-392) NASL family Fedora Local Security Checks NASL id FEDORA_2008-11476.NASL description Security fixes for CVE-2008-5617 and CVE-2008-5618, detailed in: http://www.rsyslog.com/Article322.phtml http://secunia.com/Advisories/32857/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 38098 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38098 title Fedora 10 : rsyslog-3.21.9-1.fc10 (2008-11476)
Statements
| contributor | Tomas Hoger |
| lastmodified | 2008-12-17 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5. |