Description
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
A heap-based buffer overflow vulnerability was found in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACLs.
Affected packages
Platform | Package | Status | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 9 | aide | Not affected | | |
Red Hat Enterprise Linux 6 Extended Lifecycle Support | aide | Fixed | RHSA-2022:0472 | 08.02.2022 |
Red Hat Enterprise Linux 7 | aide | Fixed | RHSA-2022:0473 | 08.02.2022 |
Red Hat Enterprise Linux 8 | aide | Fixed | RHSA-2022:0441 | 07.02.2022 |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | aide | Fixed | RHSA-2022:0464 | 08.02.2022 |
Red Hat Enterprise Linux 8.2 Extended Update Support | aide | Fixed | RHSA-2022:0456 | 07.02.2022 |
Red Hat Enterprise Linux 8.4 Extended Update Support | aide | Fixed | RHSA-2022:0440 | 07.02.2022 |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | redhat-virtualization-host | Fixed | RHSA-2022:1263 | 07.04.2022 |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | redhat-virtualization-host | Fixed | RHSA-2022:0540 | 15.02.2022 |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
AIDE before 0.17.4 allows local users to obtain root privileges via cr ...
7.5 High
CVSS3