CVE-2008-5110

Name of the Vulnerable Software and Affected Versions syslog-ng versions prior to 2.1.3

Description The issue is related to syslog-ng not calling chdir when it calls chroot, which might allow attackers to escape the intended jail. However, this is only a vulnerability when a separate vulnerability is present. The flaw can lead to disruption of confidentiality, integrity, and availability of protected information and can be exploited remotely.

Recommendations For versions prior to 2.1.3, update to version 2.1.3 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.