ID CVE-2008-5110
Summary syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.
References
Vulnerable Configurations
  • cpe:2.3:a:oneidentity:syslog-ng:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:1.4.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:1.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:1.5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:1.5.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:open_source:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:2.0:*:*:*:premium:*:*:*
  • cpe:2.3:a:oneidentity:syslog-ng:2.0.9:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 22-06-2021 - 13:27)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
gentoo GLSA-200907-10
hp
  • HPSBMA02554
  • SSRT100018
mlist [oss-security] 20081117 CVE Request (syslog-ng)
secunia
  • 35748
  • 40551
vupen ADV-2010-1796
Last major update 22-06-2021 - 13:27
Published 17-11-2008 - 22:21
Last modified 22-06-2021 - 13:27