CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/01/20/3	Exploit Mailing List Mitigation Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202311-07
https://www.debian.org/security/2022/dsa-5051	Third Party Advisory
https://www.ipi.fi/pipermail/aide/2022-January/001713.html	Exploit Mailing List Mitigation Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/20/3	Exploit Mailing List Mitigation Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:ovirt-node:4.4.10:::::::*
	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:21.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

History

25 Nov 2023, 09:15

Type	Values Removed	Values Added
References		() https://security.gentoo.org/glsa/202311-07 -

26 Jan 2022, 19:49

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8
CPE		cpe:2.3:o:canonical:ubuntu_linux:21.04:::::::* cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:::::::: cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:a:redhat:virtualization_host:4.0:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:a:redhat:ovirt-node:4.4.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
CWE		CWE-787
First Time		Debian debian Linux Fedoraproject Advanced Intrusion Detection Environment Project Advanced Intrusion Detection Environment Project advanced Intrusion Detection Environment Debian Canonical ubuntu Linux Fedoraproject fedora Redhat enterprise Linux Canonical Redhat virtualization Host Redhat ovirt-node Redhat
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2022/01/20/3 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2022/01/20/3 - Exploit, Mailing List, Mitigation, Patch, Third Party Advisory
References	~~(DEBIAN) https://www.debian.org/security/2022/dsa-5051 -~~	(DEBIAN) https://www.debian.org/security/2022/dsa-5051 - Third Party Advisory
References	~~(MISC) https://www.openwall.com/lists/oss-security/2022/01/20/3 -~~	(MISC) https://www.openwall.com/lists/oss-security/2022/01/20/3 - Exploit, Mailing List, Mitigation, Patch, Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html - Mailing List, Third Party Advisory
References	~~(MISC) https://www.ipi.fi/pipermail/aide/2022-January/001713.html -~~	(MISC) https://www.ipi.fi/pipermail/aide/2022-January/001713.html - Exploit, Mailing List, Mitigation, Patch, Third Party Advisory

25 Jan 2022, 17:15

Type	Values Removed	Values Added
References		(MISC) https://www.ipi.fi/pipermail/aide/2022-January/001713.html -

25 Jan 2022, 04:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html -

21 Jan 2022, 20:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2022/dsa-5051 -

20 Jan 2022, 19:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2022/01/20/3 -

20 Jan 2022, 18:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-01-20 18:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-45417

Mitre link : CVE-2021-45417

CVE.ORG link : CVE-2021-45417

JSON object : View

Products Affected

redhat

enterprise_linux
ovirt-node
virtualization_host

fedoraproject

fedora

advanced_intrusion_detection_environment_project

advanced_intrusion_detection_environment

canonical

ubuntu_linux

debian

debian_linux

CWE

CWE-787

Out-of-bounds Write

7.8 /10