Package: auditd Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for auditd.
CVE-2008-1628[0]:
| Stack-based buffer overflow in the audit_log_user_command function in
| lib/audit_logging.c in Linux Audit before 1.7 might allow remote
| attackers to execute arbitrary code via a long command argument.
| NOTE: some of these details are obtained from third party information.
In the audit_log_user_command function the command line
passed to the kernel for example if the command is used via
sudo is copied via strcpy into a buffer without any bounds
checking and leads to stack corruption.
Patch:
--- audit_logging.c 2007-04-09 23:50:01.000000000 +0200
+++ audit_logging.c.new 2008-04-09 19:35:21.000000000 +0200
@@ -607,7 +607,11 @@
}
p = cmd;
- strcpy(commname, cmd);
+ if (len >= PATH_MAX) {
+ cmd[PATH_MAX] = 0;
+ len = PATH_MAX-1;
+ }
+
while (*p) {
if (*p == '"' || *p < 0x21 || (unsigned)*p > 0x7f) {
_audit_c2x(commname, cmd, len);
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1628
http://security-tracker.debian.net/tracker/CVE-2008-1628
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpodb6qcXnxa.pgp
Description: PGP signature
