DescriptionThe ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2009:001, published Mon, 12 Jan 2009 13:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 06:35:39 2013
CVE page last modified: Fri Oct 7 12:45:44 2022