CVE-2021-45417

Published: Jan 20, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Affected (16)

Products: Advanced Intrusion Detection Environment Project: Advanced Intrusion Detection Environment · Redhat: Enterprise Linux, Ovirt Node, Virtualization Host · Fedoraproject: Fedora · +2 more

Show all products

Advanced Intrusion Detection Environment Project: Advanced Intrusion Detection Environment · Redhat: Enterprise Linux, Ovirt Node, Virtualization Host · Fedoraproject: Fedora · Canonical: Ubuntu Linux · Debian: Debian Linux

Advanced Intrusion Detection Environment Project

1 product

Advanced Intrusion Detection Environment

3 products

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment	From 0.13 to 0.17.3

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Ovirt Node	Version 4.4.10
Redhat Virtualization Host	Version 4.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35

Configuration D

6 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 20.04
Canonical Ubuntu Linux	Version 21.04
Canonical Ubuntu Linux	Version 21.10