7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.2%
Argument injection vulnerability in login (login-utils/login.c) in
util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide
activities by modifying portions of log events, as demonstrated by
appending an βaddr=β statement to the login name, aka βaudit log
injection.β
Author | Note |
---|---|
mdeslaur | this is the CVE-2007-3102 issue from openssh marking not-affected as we donβt use login from the util-linux package. Itβs not compiled. |