util-linux-ng登录远程日志注入漏洞

BUGTRAQ ID: 28983 CVECAN ID: CVE-2008-1926 util-linux-ng是增强版本的Util-linux软件包，包含有多种linux工具和应用。 util-linux-ng软件包的login.c在记录登录尝试时存在参数注入漏洞，远程攻击者可以在登录名称中添加addr=语句在审计日志中修改部分日志事件，从而隐藏其登录尝试等行为。 Karel Zak util-linux-ng 2.13.1.1 Karel Zak --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

[SECURITY] Fedora 8 Update: util-linux-ng-2.13.1-2.fc8

The util-linux-ng package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program...

CVE-2008-1926

Argument injection vulnerability in login login-utils/login.c in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."...

CVE-2008-1926

Argument injection vulnerability in login login-utils/login.c in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."...

DEBIAN-CVE-2008-1926

Argument injection vulnerability in login login-utils/login.c in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."...

CVE-2008-1926

Argument injection vulnerability in login login-utils/login.c in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."...

CVE-2008-1926

Argument injection vulnerability in login login-utils/login.c in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."...

CVE-2008-1926

The CVE-2008-1926 issue is a log-injection vulnerability in util-linux-ng (login-utils/login.c) that allows a remote attacker to modify parts of audit logs (via an addr= in login name). It affects util-linux-ng up to 2.14 and has been addressed by Red Hat/CentOS advisories RHSA-2009:0981 and rela...

PT-2008-3453 · Util Linux Ng +1 · Util-Linux-Ng +1

Name of the Vulnerable Software and Affected Versions: util-linux-ng versions 2.14 and earlier Description: The issue allows remote attackers to modify log events, making it easier to hide activities. This is achieved by injecting arguments into the login process, demonstrated by appending an...

Debian Security Advisory DSA 1450-1 (util-linux)

The remote host is missing an update to util-linux announced via advisory DSA 1450-1. OpenVAS Vulnerability Test $Id: deb14501.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1450-1 util-linux Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian Security Advisory DSA 823-1 (util-linux)

The remote host is missing an update to util-linux announced via advisory DSA 823-1. David Watson discoverd a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only. For the old...

Debian: Security Advisory (DSA-823-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1450-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-1450-1 : util-linux - programming error

It was discovered that util-linux, miscellaneous system utilities, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

loop-aes-utils / util-linux privilege escalation

Group privileges are not properly dropped...

[SECURITY] [DSA 1450-1] New util-linux packages fix programming error

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1450-1 [email protected] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1450-1] New util-linux packages fix programming error

------------------------------------------------------------------------ Debian Security Advisory DSA-1450-1 [email protected] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq -...

DSA-1450-1 util-linux privilege escalation

Bulletin has no description...

Moderate: util-linux security update

2.11y-31.24 - fix 324431 - CVE-2007-5191 util-linux mount doesn't drop privileges properly when calling helpers...

RHEL 3 / 4 / 5 : util-linux (RHSA-2007:0969)

Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that...