Search for vulnerabilities
Vulnerability details: VCID-1zfv-hmf1-aaak
Vulnerability ID VCID-1zfv-hmf1-aaak
Aliases CVE-2008-5110
Summary syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.00962 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01088 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
epss 0.01428 https://api.first.org/data/v1/epss?cve=CVE-2008-5110
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=471984
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2008-5110
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5110.json
https://api.first.org/data/v1/epss?cve=CVE-2008-5110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5110
http://secunia.com/advisories/35748
http://secunia.com/advisories/40551
http://security.gentoo.org/glsa/glsa-200907-10.xml
http://www.openwall.com/lists/oss-security/2008/11/17/3
http://www.vupen.com/english/advisories/2010/1796
471984 https://bugzilla.redhat.com/show_bug.cgi?id=471984
505791 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:*:*:*:*
CVE-2008-5110 https://nvd.nist.gov/vuln/detail/CVE-2008-5110
GLSA-200907-10 https://security.gentoo.org/glsa/200907-10
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-5110
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.59463
EPSS Score 0.00211
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.