Количество 12
Количество 12
BDU:2024-10906
Уязвимость метода instance_create() программы для мониторинга и адаптивной настройки системных устройств tuned, позволяющая нарушителю проводить спуфинг-атаки
ROS-20250110-04
Множественные уязвимости tuned
CVE-2024-52337
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
CVE-2024-52337
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
CVE-2024-52337
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
CVE-2024-52337
CVE-2024-52337
A log spoofing flaw was found in the Tuned package due to improper san ...
RLSA-2024:11161
Moderate: tuned security update
GHSA-8c3c-gvf8-p7v2
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
ELSA-2024-11161
ELSA-2024-11161: tuned security update (MODERATE)
ELSA-2024-10381
ELSA-2024-10381: tuned security update (MODERATE)
ELSA-2024-10384
ELSA-2024-10384: tuned security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-10906 Уязвимость метода instance_create() программы для мониторинга и адаптивной настройки системных устройств tuned, позволяющая нарушителю проводить спуфинг-атаки | CVSS3: 5.5 | 0% Низкий | 8 месяцев назад |
 | ROS-20250110-04 Множественные уязвимости tuned | CVSS3: 7.8 | 5 месяцев назад | |
 | CVE-2024-52337 A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations. | CVSS3: 5.5 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-52337 A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations. | CVSS3: 5.5 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-52337 A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations. | CVSS3: 5.5 | 0% Низкий | 7 месяцев назад |
 | CVSS3: 5.5 | 0% Низкий | 6 месяцев назад | |
| CVE-2024-52337 A log spoofing flaw was found in the Tuned package due to improper san ... | CVSS3: 5.5 | 0% Низкий | 7 месяцев назад |
 | RLSA-2024:11161 Moderate: tuned security update | 0% Низкий | около 2 месяцев назад | |
| GHSA-8c3c-gvf8-p7v2 A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations. | CVSS3: 5.5 | 0% Низкий | 7 месяцев назад |
| ELSA-2024-11161 ELSA-2024-11161: tuned security update (MODERATE) | 6 месяцев назад | ||
| ELSA-2024-10381 ELSA-2024-10381: tuned security update (MODERATE) | 6 месяцев назад | ||
| ELSA-2024-10384 ELSA-2024-10384: tuned security update (IMPORTANT) | 7 месяцев назад |
Уязвимостей на страницу