CVE-2008-1926

Currently unrated

Key Information:

Vendor: Linux
Status: Util-linux
Vendor: CVE Published:; 24 April 2008

Summary

Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."

References

http://secunia.com/advisories/30014

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/29982

third-party-advisoryx_refsource_SECUNIA

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-n...

x_refsource_CONFIRM

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 24, 2008
Vulnerability Reserved
Apr 23, 2008

Collectors

NVD DatabaseMitre Database