Bug 831658 (CVE-2021-45417) - <app-forensics/aide-0.17.4: heap buffer overflow allows root privilege escalation
Status: RESOLVED FIXED
Alias: CVE-2021-45417
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: B1 [glsa+]
Keywords:
Depends on: 771924 835523
Blocks:
Reported: 2022-01-21 01:58 UTC by John Helmert III
Modified: 2023-11-25 08:26 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-21 01:58:02 UTC
CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
Comment 1 Larry the Git Cow gentoo-dev 2022-03-11 11:01:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06cefe1606470b4b93e12aef21b1e9733c7e55c9

commit 06cefe1606470b4b93e12aef21b1e9733c7e55c9
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-11 11:00:35 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-11 11:01:01 +0000

    app-forensics/aide: add 0.17.4
    
    Closes: https://bugs.gentoo.org/771924
    Bug: https://bugs.gentoo.org/829268
    Bug: https://bugs.gentoo.org/831658
    Signed-off-by: Sam James <sam@gentoo.org>

 app-forensics/aide/Manifest                        |   1 +
 app-forensics/aide/aide-0.17.4.ebuild              | 103 +++++++++++++++++++++
 app-forensics/aide/files/aide-0.17.4-bashism.patch |  58 ++++++++++++
 3 files changed, 162 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-20 20:33:41 UTC
Please cleanup.
Comment 3 Hans de Graaff gentoo-dev Security 2023-10-04 05:32:32 UTC
commit 543ee0f51eaf868f071970d49db6611643de7292
Author: Sam James <sam@gentoo.org>
Date:   Sun Apr 17 19:39:47 2022 +0100

    app-forensics/aide: drop 0.16.2_p20200614
Comment 4 Larry the Git Cow gentoo-dev 2023-11-25 08:25:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f97b11254c2a162a6078c78cf6112e3d8844d792

commit f97b11254c2a162a6078c78cf6112e3d8844d792
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 08:24:47 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 08:25:21 +0000

    [ GLSA 202311-07 ] AIDE: Root Privilege Escalation
    
    Bug: https://bugs.gentoo.org/831658
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-07.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)