
audit: privilege escalation

Package(s): audit
CVE #(s): CVE-2008-1628
Created: April 9, 2008
Updated: April 25, 2008
Description:

From the Red Hat bugzilla entry:

A vulnerability has been reported in Linux Audit, which potentially can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a boundary error within the "audit_log_user_command()" function in lib/audit_logging.c. This can be exploited to cause a stack-based buffer overflow via an overly long "command" argument and potentially execute arbitrary code with the privileges of the application using libaudit.
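The description names the bug class but shows no code. The C sketch below is an added example, not libaudit's source and not the fix shipped for CVE-2008-1628: it shows a bounded way to format a caller-supplied command into a fixed-size stack buffer and to reject input that does not fit. The names `format_cmd_record`, `log_user_command`, `RECORD_MAX` and the record layout are assumptions made for illustration.

```c
/* Added illustration: NOT libaudit code. All names here are hypothetical. */
#include <stdio.h>
#include <string.h>

#define RECORD_MAX 256  /* assumed size of the on-stack record buffer */

/* Unsafe pattern of the kind the advisory describes (shown as a comment only):
 *     char buf[RECORD_MAX];
 *     sprintf(buf, "cwd=%s cmd=%s", cwd, command);   // command length unchecked
 */

/* Format a record into out[outsz].
 * Returns the record length, or -1 if an argument is missing or the record
 * would not fit. On failure out is left as an empty string. */
int format_cmd_record(char *out, size_t outsz, const char *cwd, const char *command)
{
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (cwd == NULL || command == NULL)
        return -1;

    /* snprintf never writes more than outsz bytes and reports the full length */
    int n = snprintf(out, outsz, "cwd=%s cmd=%s", cwd, command);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';  /* refuse rather than log a silently truncated command */
        return -1;
    }
    return n;
}

/* Caller that keeps the record in a fixed-size stack buffer. */
int log_user_command(const char *cwd, const char *command)
{
    char record[RECORD_MAX];
    if (format_cmd_record(record, sizeof record, cwd, command) < 0) {
        fprintf(stderr, "record rejected: command missing or too long\n");
        return -1;
    }
    printf("%s\n", record);
    return 0;
}

int main(void)
{
    char longcmd[4096];  /* constructed oversized input */
    memset(longcmd, 'A', sizeof longcmd - 1);
    longcmd[sizeof longcmd - 1] = '\0';
    log_user_command("/root", "/usr/bin/id");  /* fits: record is printed */
    log_user_command("/root", longcmd);        /* too long: rejected */
    return 0;
}
```

Rejecting the oversized command, rather than truncating it, keeps a partial command line from being recorded as if it were complete.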

Alerts:
Fedora FEDORA-2008-3012 2008-04-08
Mandriva MDVSA-2008:083 2008-04-09
SuSE SUSE-SR:2008:010 2008-04-25


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.