Argument Injection Vulnerability in util-linux-ng by util-linux
CVE-2008-1926

Currently unrated

Key Information:

Vendor
Linux
Status
Util-linux
Vendor
CVE Published:
24 April 2008

Summary

The vulnerability allows remote attackers to manipulate log records by injecting arbitrary arguments into login events. This is achieved by appending an 'addr=' statement to the login name. As a result, an attacker can hide malicious activities, making it difficult for system administrators to accurately monitor user actions. The affected versions of util-linux-ng (2.14 and earlier) are particularly susceptible, posing a significant risk to system integrity and security audits.

References

http://secunia.com/advisories/30014
third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29982
third-party-advisoryx_refsource_SECUNIA
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-n...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2008-1926 : Argument Injection Vulnerability in util-linux-ng by util-linux | SecurityVulnerability.io