CVE-2008-1926
Published Apr 24, 2008
Last updated 2 years ago
Overview
- Description
- Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-94
Vendor comments
- Red HatRed Hat is aware of this issue affecting Red Hat Enterprise Linux 5 and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1926 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue has been addressed in Red Hat Enterprise Linux 4 with the following update: https://rhn.redhat.com/errata/RHSA-2009-0981.html
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux:util-linux:2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "393F4032-A538-489F-8643-27608E4D51B4"
},
{
"criteria": "cpe:2.3:a:linux:util-linux:2.13.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8756FB28-086B-472F-8F0B-29570EE41BBB"
},
{
"criteria": "cpe:2.3:a:linux:util-linux:2.13.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D1ADC6E-3146-480E-BA04-5030C3E95AD2"
},
{
"criteria": "cpe:2.3:a:linux:util-linux:2.13.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B4D85E2-1EE1-40BA-9FE7-FE2C0779FA16"
},
{
"criteria": "cpe:2.3:a:linux:util-linux:2.14:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EC054D9-5945-4BB9-A200-B764E4806D96"
}
],
"operator": "OR"
}
]
}
]