Candidate: CVE-2008-5110
PublicDate: 2008-11-17 22:21:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5110
Description:
 syslog-ng does not call chdir when it calls chroot, which might allow
 attackers to escape the intended jail. NOTE: this is only a vulnerability
 when a separate vulnerability is present. This flaw affects syslog-ng
 versions prior to and including 2.0.9.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_syslog-ng:
upstream_syslog-ng: released (2.0.9-4.1)
dapper_syslog-ng: ignored (reached end-of-life)
gutsy_syslog-ng: needed (reached end-of-life)
hardy_syslog-ng: ignored (reached end-of-life)
intrepid_syslog-ng: needed (reached end-of-life)
jaunty_syslog-ng: not-affected (2.0.9-4.1)
karmic_syslog-ng: not-affected (2.0.9-4.1)
lucid_syslog-ng: not-affected (2.0.9-4.2)
maverick_syslog-ng: not-affected (2.0.9-4.2)
natty_syslog-ng: not-affected (2.0.9-4.2)
oneiric_syslog-ng: not-affected (2.0.9-4.2)
devel_syslog-ng: not-affected (2.0.9-4.2)