- Description
- Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.1
- Impact score
- 6.4
- Exploitability score
- 2.7
- Vector string
- AV:L/AC:M/Au:S/C:P/I:P/A:P
- nvd@nist.gov
- CWE-119
- Comment
- Additional information can be found at: http://www.securityfocus.com/bid/28524/info and http://www.frsirt.com/english/advisories/2008/1052
- Impact
- -
- Solution
- -
- Red Hat
- This issue did not affect the audit packages as shipped with Red Hat Enterprise Linux 4. Red Hat is not treating this issue as a security vulnerability for Red Hat Enterprise Linux 5 as no application used the affected interface, and the only result is a controlled application termination as the overflow is detected by the FORTIFY_SOURCE protection mechanism. We plan to address this as a non-security bug fix in updated audit packages for Red Hat Enterprise Linux 5.2. For further details, please see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1628
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux:audit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20E7244C-184D-4316-B79C-DA01CC329CF7",
"versionEndIncluding": "1.6.9"
}
],
"operator": "OR"
}
]
}
]