Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5110

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-5110
Last Modified 04 Feb 2011 12:00:00
Published 17 Nov 2008 05:21:27
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5110

Summary

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present.

Vulnerable Systems

Application

  • Balabit Syslog-ng


References

VUPEN - ADV-2010-1796

MLIST - [oss-security] 20081117 CVE Request (syslog-ng)

GENTOO - GLSA-200907-10

SECUNIA - 40551

SECUNIA - 35748

HP - HPSBMA02554

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791

HP - SSRT100018


Last Updated: 27 May 2016 10:49:59