Linux Audit: Buffer overflow — GLSA 200807-14

A buffer overflow vulnerability in Linux Audit may allow local attackers to execute arbitrary code.

Affected Packages

sys-process/audit on all architectures
Affected versions < 1.7.3
Unaffected versions >= 1.7.3

Background

Linux Audit is a set of userspace utilities for storing and processing auditing records.

Description

A stack-based buffer overflow has been reported in the audit_log_user_command() function in the file lib/audit_logging.c when processing overly long arguments.

Impact

A local attacker could execute a specially crafted command on the host running Linux Audit, possibly resulting in the execution of arbitrary code with the privileges of the user running Linux Audit.

Workaround

There is no known workaround at this time.

Resolution

All Linux Audit users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-process/audit-1.7.3"

References

Release Date
July 31, 2008

Latest Revision
July 31, 2008: 01

Severity
normal

Exploitable
local

Bugzilla entries