CVE-2008-5110 — Syslog-ng vulnerability

7 documents7 sources
Severity
9.3CRITICALNVD
EPSS
1.1%
top 22.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oneidentity Syslog-ng
Timeline
PublishedNov 17
Latest updateMay 13

Description

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

â–¶Debianoneidentity/syslog-ng< 2.0.9-4.1+3
â–¶NVDoneidentity/syslog-ng2.0.9

🔴Vulnerability Details

3
GHSA
GHSA-423j-83rg-3cgc: syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail↗2022-05-13
â–¶
CVEList
CVE-2008-5110: syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail↗2008-11-17
â–¶
OSV
CVE-2008-5110: syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail↗2008-11-17
â–¶

📋Vendor Advisories

2
Red Hat
syslog-ng improper chroot↗2008-11-17
â–¶
Debian
CVE-2008-5110: syslog-ng - syslog-ng does not call chdir when it calls chroot, which might allow attackers ...↗2008
â–¶

💬Community

1
Bugzilla
CVE-2008-5110 syslog-ng improper chroot↗2008-11-18
â–¶
CVE-2008-5110 — Oneidentity Syslog-ng vulnerability | cvebase