Red Hat Bugzilla – Bug 476647
CVE-2008-5617 rsyslog: $AllowedSender restriction not honoured
Last modified: 2009-01-09 03:39:47 EST
Description of problem:
A vulnerability has been found in rsyslog's ACL handling. Due to a coding error in the modularization effort, the $AllowedSender directive is no longer honored but silently accepted. As such, rsyslog-based access control via $AllowedSender is not working and messages from every sender will be accepted by rsyslog. Most importantly, this could lead to misleading log entries or a remote DoS, by a malicious sender simply flooding the system logs with messages until the system runs out of disk space.
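To make the broken check concrete, the following Python (an added illustration, not code from the bug report or from rsyslog itself) models the sender ACL that $AllowedSender is meant to enforce, using rsyslog's legacy directive syntax; the `acl_enforced=False` flag models the affected versions, where the directive is parsed but never consulted, so every sender is accepted. The config fragment and addresses are constructed, and hostname patterns are not modelled.

```python
import ipaddress
import re

# Constructed rsyslog legacy-syntax fragment (not taken from the bug report).
# Form: $AllowedSender <UDP|TCP>, <entry>, <entry>, ...  where each entry is an
# IP address or CIDR prefix (rsyslog also accepts hostname patterns; omitted here).
SAMPLE_CONFIG = """\
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24
$AllowedSender TCP, 127.0.0.1
"""

ALLOWED_RE = re.compile(r"^\s*\$AllowedSender\s+(UDP|TCP)\s*,\s*(.+?)\s*$",
                        re.IGNORECASE)


def parse_allowed_senders(config_text):
    """Collect the per-protocol sender ACL from every $AllowedSender directive."""
    acl = {}
    for line in config_text.splitlines():
        m = ALLOWED_RE.match(line)
        if not m:
            continue
        proto = m.group(1).upper()
        nets = [ipaddress.ip_network(e.strip(), strict=False)
                for e in m.group(2).split(",") if e.strip()]
        acl.setdefault(proto, []).extend(nets)
    return acl


def sender_permitted(acl, proto, sender_ip, acl_enforced=True):
    """Intended semantics: when an ACL exists for the protocol, the sender must
    match one of its entries; with no ACL configured for that protocol, every
    sender is accepted (rsyslog's documented default).  acl_enforced=False
    reproduces the defect: the ACL is ignored and all senders pass."""
    if not acl_enforced:
        return True
    nets = acl.get(proto.upper())
    if not nets:
        return True
    ip = ipaddress.ip_address(sender_ip)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    acl = parse_allowed_senders(SAMPLE_CONFIG)
    for ip in ("192.0.2.77", "198.51.100.9"):
        print(ip, "fixed:", sender_permitted(acl, "UDP", ip),
              "affected:", sender_permitted(acl, "UDP", ip, acl_enforced=False))
```

Running it shows 198.51.100.9 rejected under the intended semantics but accepted when the ACL is not enforced, which is the spoofing and flooding exposure described above.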
rsyslog-3.20.2-2.fc9 has been submitted as an update for Fedora 9.
CVE id CVE-2008-5617 was assigned to this issue:
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.
rsyslog-3.20.2-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
rsyslog-3.21.9-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: