Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1628

Overview

Vulnerability Score 4.1 4.1
CVE Id CVE-2008-1628
Last Modified 07 Mar 2011 10:07:22
Published 02 Apr 2008 01:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-1628

Summary

Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Linux Audit 1.6.9


References

MLIST - [linux-audit] 20080330 audit 1.7 released

FEDORA - FEDORA-2008-3012

XF - linuxaudit-auditlogusercommand-bo(41576)

VUPEN - ADV-2008-1052

SECTRACK - 1019824

BID - 28524

MANDRIVA - MDVSA-2008:083

GENTOO - GLSA-200807-14

SECUNIA - 31316

SECUNIA - 29957

SECUNIA - 29754

SECUNIA - 29617

CONFIRM - http://people.redhat.com/sgrubb/audit/ChangeLog

SUSE - SUSE-SR:2008:010


Last Updated: 27 May 2016 10:47:36