oss-sec mailing list archives
audit log injection attack via login
From: Josh Bressers <bressers () redhat com>
Date: Mon, 21 Apr 2008 20:23:20 -0400
Steve Grubb just let us know about an audit log injection flaw in login. It's already public via a checkin: http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=8ccf0b253ac0f4f58d64bc9674de18bff5a88782 I'm under the impression this should probably get a new CVE id (added Steve Christey to the CC list for this). Steve Grubb is also pretty sure there are other things that have this problem, he's investigating. Thanks. -- JB
Current thread:
- audit log injection attack via login Josh Bressers (Apr 21)
- Re: audit log injection attack via login Steven M. Christey (Apr 23)