Directory Traversal Vulnerability in syslog-ng by Open Source Routing
CVE-2008-5110

Currently unrated

Key Information:

Vendor: Oneidentity
Status: Syslog-ng
Vendor: CVE Published:; 17 November 2008

🔔 Create Oneidentity Vulnerability Alert

What is CVE-2008-5110?

The syslog-ng application contains a vulnerability where it fails to invoke the 'chdir' command during the 'chroot' process. This oversight could potentially allow attackers to escape from the restricted environment of a chroot jail, which can lead to unauthorized access or exploitation of the system. It is important to note that this vulnerability requires the presence of a separate vulnerability to be detrimental. It affects syslog-ng versions prior to and including 2.0.9.

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na...

vendor-advisoryx_refsource_HP

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na...

vendor-advisoryx_refsource_HP

http://security.gentoo.org/glsa/glsa-200907-10.xml

vendor-advisoryx_refsource_GENTOO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2008
Vulnerability Reserved
Nov 17, 2008