Vulnerabilities > CVE-2008-5618 - Denial-Of-Service vulnerability in RSyslog

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
rsyslog
nessus

Summary

imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.

Vulnerable Configurations

Part Description Count
Application
Rsyslog
4

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_RSYSLOG-081217.NASL
    descriptionrsyslog ignored the $AllowedSender configuration directive, therefore accepting log messages from anyone (CVE-2008-5617). Additionally imudp logged a message when unauthorized senders tried to send to it, therefore allowing attackers to flood the log CVE-2008-5618).
    last seen2020-06-01
    modified2020-06-02
    plugin id40304
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40304
    titleopenSUSE Security Update : rsyslog (rsyslog-367)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-11538.NASL
    descriptionSecurity fixes for CVE-2008-5617 and CVE-2008-5618, detailed in: http://www.rsyslog.com/Article322.phtml http://secunia.com/Advisories/32857/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35232
    published2008-12-21
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35232
    titleFedora 9 : rsyslog-3.20.2-2.fc9 (2008-11538)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_RSYSLOG-090107.NASL
    descriptionrsyslog ignored the $AllowedSender configuration directive, therefore accepting log messages from anyone (CVE-2008-5617). Additionally imudp logged a message when unauthorized senders tried to send to it, therefore allowing attackers to flood the log CVE-2008-5618).
    last seen2020-06-01
    modified2020-06-02
    plugin id40305
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40305
    titleopenSUSE Security Update : rsyslog (rsyslog-392)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-11476.NASL
    descriptionSecurity fixes for CVE-2008-5617 and CVE-2008-5618, detailed in: http://www.rsyslog.com/Article322.phtml http://secunia.com/Advisories/32857/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38098
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38098
    titleFedora 10 : rsyslog-3.21.9-1.fc10 (2008-11476)

Statements

contributorTomas Hoger
lastmodified2008-12-17
organizationRed Hat
statementNot vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.