Описание
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 3.18.6-2 |
| gutsy | DNE | |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | not-affected | 3.18.6-2 |
| karmic | not-affected | 3.18.6-2 |
| lucid | not-affected | 3.18.6-2 |
| maverick | not-affected | 3.18.6-2 |
| natty | not-affected | 3.18.6-2 |
Показывать по
EPSS
8.5 High
CVSS2
Связанные уязвимости
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does no ...
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
EPSS
8.5 High
CVSS2