AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2022/01/20/3 | Exploit Mailing List Mitigation Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202311-07 | |
https://www.debian.org/security/2022/dsa-5051 | Third Party Advisory |
https://www.ipi.fi/pipermail/aide/2022-January/001713.html | Exploit Mailing List Mitigation Patch Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/01/20/3 | Exploit Mailing List Mitigation Patch Third Party Advisory |
History
25 Nov 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
26 Jan 2022, 19:49
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 7.2, v3 : 7.8 |
CPE | cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:* cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:a:redhat:ovirt-node:4.4.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* |
|
CWE | CWE-787 | |
First Time | Debian debian Linux, Fedoraproject, Advanced Intrusion Detection Environment Project, Advanced Intrusion Detection Environment Project advanced Intrusion Detection Environment, Debian, Canonical ubuntu Linux, Fedoraproject fedora, Redhat enterprise Linux, Canonical, Redhat virtualization Host, Redhat ovirt-node, Redhat | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/01/20/3 - Exploit, Mailing List, Mitigation, Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5051 - Third Party Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2022/01/20/3 - Exploit, Mailing List, Mitigation, Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html - Mailing List, Third Party Advisory | |
References | (MISC) https://www.ipi.fi/pipermail/aide/2022-January/001713.html - Exploit, Mailing List, Mitigation, Patch, Third Party Advisory |
25 Jan 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
25 Jan 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
21 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Jan 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Jan 2022, 18:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-20 18:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45417
Mitre link : CVE-2021-45417
CVE.ORG link : CVE-2021-45417
Products Affected
redhat
- enterprise_linux
- ovirt-node
- virtualization_host
fedoraproject
- fedora
advanced_intrusion_detection_environment_project
- advanced_intrusion_detection_environment
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-787
Out-of-bounds Write