CVE-2008-1926

Published: Apr 24, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."

Affected (5)

Products: Linux: Util Linux

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Util Linux	Version 2.13.0.1
Linux Util Linux	Version 2.13.1.1
Linux Util Linux	Version 2.13.1
Linux Util Linux	Version 2.13
Linux Util Linux	Version 2.14 rc1

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (30)

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=blobdiff%3Bf=login-utils/login.c%3Bh=230121316d953c59e7842c1325f6e9f326a37608%3Bhp=aad27794327c60391b5148b367d2c79338fc6ee4%3Bhb=8ccf0b253ac0f4f58d64bc9674de18bff5a88782%3Bhpb=3a4a13b12a8065b0b5354686d2807cce421a9973

Source: secalert@redhat.com

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=8ccf0b253ac0f4f58d64bc9674de18bff5a88782

Source: secalert@redhat.com

http://secunia.com/advisories/29982

Source: secalert@redhat.com

http://secunia.com/advisories/30014

Source: secalert@redhat.com

http://secunia.com/advisories/35161

Source: secalert@redhat.com

http://wiki.rpath.com/Advisories:rPSA-2009-0143

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2008:114

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2009-0981.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/507854/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/28983

Source: secalert@redhat.com

http://www.securitytracker.com/id?1022256

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/1392/references

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/41987

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9833

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00624.html

Source: secalert@redhat.com

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=blobdiff%3Bf=login-utils/login.c%3Bh=230121316d953c59e7842c1325f6e9f326a37608%3Bhp=aad27794327c60391b5148b367d2c79338fc6ee4%3Bhb=8ccf0b253ac0f4f58d64bc9674de18bff5a88782%3Bhpb=3a4a13b12a8065b0b5354686d2807cce421a9973

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=8ccf0b253ac0f4f58d64bc9674de18bff5a88782

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29982

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30014

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35161

Source: af854a3a-2127-422b-91ae-364da2661108

http://wiki.rpath.com/Advisories:rPSA-2009-0143

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2008:114

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-0981.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/507854/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28983

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1022256

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/1392/references

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/41987

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9833

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00624.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.