CVE-2008-1628

Impact: Low
Public Date: 2008-03-31
Bugzilla: 440275: CVE-2008-1628 audit: audit_log_user_command() Buffer Overflow

The MITRE CVE dictionary describes this issue as:

Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.

Find out more about CVE-2008-1628 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue did not affect the audit packages as shipped with Red Hat Enterprise Linux 4.

Red Hat is not treating this issue as a security vulnerability for Red Hat Enterprise Linux 5, as no application used the affected interface and the only result is a controlled application termination, because the overflow is detected by the FORTIFY_SOURCE protection mechanism. We plan to address this as a non-security bug fix in updated audit packages for Red Hat Enterprise Linux 5.2.

For further details, please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1628

CVE description copyright © 2017, The MITRE Corporation
