{"id":"CVE-2008-5110","details":"syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.","modified":"2026-04-10T03:40:19.340364Z","published":"2008-11-17T22:21:27Z","related":["openSUSE-SU-2024:11418-1"],"references":[{"type":"ADVISORY","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791"},{"type":"ADVISORY","url":"http://secunia.com/advisories/35748"},{"type":"ADVISORY","url":"http://secunia.com/advisories/40551"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-200907-10.xml"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2008/11/17/3"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/1796"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2008/11/17/3"},{"type":"REPORT","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791"},{"type":"REPORT","url":"http://www.vupen.com/english/advisories/2010/1796"},{"type":"WEB","url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"}],"schema_version":"1.7.5"}