{"id":"CVE-2008-5617","details":"The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.","modified":"2026-04-10T03:40:27.573578Z","published":"2008-12-17T02:30:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/32857"},{"type":"ADVISORY","url":"http://www.rsyslog.com/Article322.phtml"},{"type":"FIX","url":"http://www.rsyslog.com/Article322.phtml"},{"type":"WEB","url":"http://www.rsyslog.com/Article327.phtml"},{"type":"WEB","url":"http://www.rsyslog.com/Topic4.phtml"},{"type":"WEB","url":"http://www.securityfocus.com/bid/32630"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47080"}],"schema_version":"1.7.5"}