Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 219202 (CVE-2008-1926) - sys-apps/util-linux <2.13.1.1 Audit log argument injection (CVE-2008-1926)
Summary: sys-apps/util-linux <2.13.1.1 Audit log argument injection (CVE-2008-1926)
Status: RESOLVED FIXED
Alias: CVE-2008-1926
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=utils/util-l...
Whiteboard: A4? [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-04-24 21:47 UTC by Robert Buchholz (RETIRED)
Modified: 2020-04-08 21:46 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-04-24 21:47:21 UTC 
CVE-2008-1926 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1926):
  Argument injection vulnerability in login (login-utils/login.c) in
  util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide
  activities by modifying portions of log events, as demonstrated by appending
  an "addr=" statement to the login name, aka "audit log injection."
Comment 1 SpanKY gentoo-dev 2008-04-24 22:41:57 UTC 
i already added util-linux-2.13.1.1 which contains the fix for this
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-04-25 09:09:10 UTC 
Arches, please test and mark stable:
=sys-apps/util-linux-2.13.1.1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
Comment 3 Ferris McCormick (RETIRED) gentoo-dev 2008-04-25 13:01:35 UTC 
Sparc stable, no problems seen.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2008-04-25 14:05:03 UTC 
Stable for HPPA.
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-04-25 17:25:41 UTC 
alpha/ia64/x86 stable
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2008-04-27 08:34:01 UTC 
ppc64 stable
Comment 7 Markus Meier gentoo-dev 2008-04-27 12:37:38 UTC 
amd64 stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-28 17:01:35 UTC 
ppc stable
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2008-04-29 06:31:40 UTC 
Fixed in release snapshot.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-05-06 15:18:21 UTC 
GLSA vote, I tend to vote no.
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-07 22:42:37 UTC 
I vote YES
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-05-10 11:41:48 UTC 
Voting NO.
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-11 21:49:48 UTC 
mmh ok, changing my vote and closing without GLSA.