Launchpad.net

CVE 2008-1628

Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2008-1628 (Candidate) is related to these bugs:

Bug #216117: [CVE-2008-1628] buffer overflow in lib/audit_logging.c

		In	Importance	Status
216117	[CVE-2008-1628] buffer overflow in lib/audit_logging.c	audit (Ubuntu)	High	Fix Released
216117	[CVE-2008-1628] buffer overflow in lib/audit_logging.c	audit (Ubuntu Gutsy)	High	Fix Released
216117	[CVE-2008-1628] buffer overflow in lib/audit_logging.c	audit (Ubuntu Hardy)	High	Fix Released
216117	[CVE-2008-1628] buffer overflow in lib/audit_logging.c	audit (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [linux-audit] 20080330...
CONFIRM: http://people.redhat.c...
BID: 28524
SECUNIA: 29617
MANDRIVA: MDVSA-2008:083
SECTRACK: 1019824
FEDORA: FEDORA-2008-3012
SECUNIA: 29754
SUSE: SUSE-SR:2008:010
SECUNIA: 29957
GENTOO: GLSA-200807-14
SECUNIA: 31316
VUPEN: ADV-2008-1052
XF: linuxaudit-auditloguse...