CVE-2008-5618

Published Dec 17, 2008

Last updated a month ago

CVSS info 5.0

Overview

Description: imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Vendor comments

Red HatNot vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89BF4CB5-5DBF-4D3F-BB71-EAA44A433D9A"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47275436-0B5A-4BC6-A3F6-2232BF8D36D4"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "841185A1-0CD7-4965-A40A-45836037B910"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AB0A79C-E420-468E-9388-5E19EA54EA89"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References