oss-security - Re: audit log injection attack via login

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <Pine.GSO.4.51.0804231218580.10164@faron.mitre.org>
Date: Wed, 23 Apr 2008 12:19:06 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: Karel Zak <kzak@...hat.com>, Steve Grubb <sgrubb@...hat.com>,
        Miloslav Trmac <mitr@...hat.com>, coley@...re.org
Subject: Re: audit log injection attack via login


======================================================
Name: CVE-2008-1926
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1926
Reference: MISC:http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=blobdiff;f=login-utils/login.c;h=230121316d953c59e7842c1325f6e9f326a37608;hp=aad27794327c60391b5148b367d2c79338fc6ee4;hb=8ccf0b253ac0f4f58d64bc9674de18bff5a88782;hpb=3a4a13b12a8065b0b5354686d2807cce421a9973
Reference: CONFIRM:http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=8ccf0b253ac0f4f58d64bc9674de18bff5a88782

Argument injection vulnerability in login (login-utils/login.c) in
util-linux-ng 2.14 and earlier makes it easier for remote attackers to
hide activities by modifying portions of log events, as demonstrated
by appending an "addr=" statement to the login name, aka "audit log
injection."

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.