10 matches found
openSUSE Security Update : rsyslog (rsyslog-367)
rsyslog ignored the $AllowedSender configuration directive, therefore accepting log messages from anyone CVE-2008-5617. Additionally imudp logged a message when unauthorized senders tried to send to it, therefore allowing attackers to flood the log CVE-2008-5618. %NASLMINLEVEL 70300 C Tenable...
openSUSE Security Update : rsyslog (rsyslog-392)
rsyslog ignored the $AllowedSender configuration directive, therefore accepting log messages from anyone CVE-2008-5617. Additionally imudp logged a message when unauthorized senders tried to send to it, therefore allowing attackers to flood the log CVE-2008-5618. %NASLMINLEVEL 70300 C Tenable...
Fedora 10 : rsyslog-3.21.9-1.fc10 (2008-11476)
Security fixes for CVE-2008-5617 and CVE-2008-5618, detailed in: http://www.rsyslog.com/Article322.phtml http://secunia.com/Advisories/32857/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora Update for rsyslog FEDORA-2008-11476
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for rsyslog FEDORA-2008-11538
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
The remote host is missing updates announced in advisory SUSE-SR:2009:001. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...
Fedora 9 : rsyslog-3.20.2-2.fc9 (2008-11538)
Security fixes for CVE-2008-5617 and CVE-2008-5618, detailed in: http://www.rsyslog.com/Article322.phtml http://secunia.com/Advisories/32857/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
CVE-2008-5617
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages...
CVE-2008-5617
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages...
CVE-2008-5617
CVE-2008-5617 targets rsyslog ACL handling (versions 3.12.1–3.20.0, 4.1.0, 4.1.1) where the $AllowedSender directive is ignored, allowing remote spoofing of log messages and potential flood (high severity, network attack). Connected sources confirm exploitation potential and vendor advisories cit...