Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1926

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1926
Last Modified 07 Mar 2011 10:08:15
Published 24 Apr 2008 01:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1926

Summary

Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."

Vulnerable Systems

Application

  • Util-linux 2.13

  • Util-linux 2.13.0.1

  • Util-linux 2.13.1

  • Util-linux 2.13.1.1

  • Util-linux 2.14


References

VUPEN - ADV-2008-1392

SECTRACK - 1022256

BUGTRAQ - 20091112 rPSA-2009-0143-1 util-linux util-linux-extras

REDHAT - RHSA-2009:0981

MANDRIVA - MDVSA-2008:114

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0143

SECUNIA - 35161

CONFIRM - http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=8ccf0b253ac0f4f58d64bc9674de18bff5a88782

MISC - http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=blobdiff;f=login-utils/login.c;h=230121316d953c59e7842c1325f6e9f326a37608;hp=aad27794327c60391b5148b367d2c79338fc6ee4;hb=8ccf0b253ac0f4f58d64bc9674de18bff5a88782;hpb=3a4a13b12a8065b0b5354686d2807cce421a9973

FEDORA - FEDORA-2008-3419

XF - utillinuxng-login-data-manipulation(41987)

BID - 28983

SECUNIA - 30014

SECUNIA - 29982


Last Updated: 27 May 2016 10:47:42