oss-sec mailing list archives

audit log injection attack via login

From: Josh Bressers <bressers () redhat com>
Date: Mon, 21 Apr 2008 20:23:20 -0400

Steve Grubb just let us know about an audit log injection flaw in login.
It's already public via a checkin:
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=8ccf0b253ac0f4f58d64bc9674de18bff5a88782

I'm under the impression this should probably get a new CVE id (added Steve
Christey to the CC list for this).

Steve Grubb is also pretty sure there are other things that have this
problem, he's investigating.

Thanks.

-- 
    JB

Current thread:

audit log injection attack via login Josh Bressers (Apr 21)
- Re: audit log injection attack via login Steven M. Christey (Apr 23)