what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2021-45417

Status Candidate

Overview

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Related Files

Gentoo Linux Security Advisory 202311-07
Posted Nov 25, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202311-7 - A vulnerability has been found in AIDE which can lead to root privilege escalation. Versions greater than or equal to 0.17.4 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2021-45417
SHA-256 | 607a9cc94009113695795110e51fd3f99f4c844d2fac41b93831a6c0378d85a3
Red Hat Security Advisory 2022-1263-01
Posted Apr 7, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1263-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, code execution, integer overflow, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-0920, CVE-2021-4028, CVE-2021-4083, CVE-2021-4155, CVE-2021-45417, CVE-2022-0330, CVE-2022-0778, CVE-2022-22942, CVE-2022-24407, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | 8099208ae1c6aef8c286b95bb11ce25104d7ea396a4083c6ef51ad9bcd09650a
Red Hat Security Advisory 2022-0540-01
Posted Feb 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0540-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, heap overflow, and privilege escalation vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-4034, CVE-2021-4155, CVE-2021-45417, CVE-2022-0185
SHA-256 | 923f3586648f88116e40f30ce55effbcd7d2b6a803d6888a77b92b4b0e0c6d09
Red Hat Security Advisory 2022-0464-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0464-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 36b9e07030c8bb693d556dcfde4489a6ee4054518bc93ccfaa1b4f60f2c73a8f
Red Hat Security Advisory 2022-0472-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0472-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 62ec9be6c512b12130498c06bd9ff6904f9e846e5855db6cdab3f4a7b7de1f8c
Red Hat Security Advisory 2022-0473-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0473-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 8a366f80e00a9b38f3a877defddf1e307764c855dbe516f1ce87a6760c2f1806
Red Hat Security Advisory 2022-0456-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0456-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | e2bb86500bb4c987a3d28d0afccc1e6b3bf4d5c31ab12191e36623d22fe36757
Red Hat Security Advisory 2022-0440-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0440-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 250d9b9182fd20e3ab7b8c7194d36a4c2cf28d9c5a02c10dc8078cd80cff1c32
Red Hat Security Advisory 2022-0441-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0441-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 22abf2e225206de289f71aaae337ede1a449e8a2150f150f8d3b38b09b1aa178
Debian Security Advisory 5051-1
Posted Jan 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5051-1 - David Bouman discovered a heap-based buffer overflow vulnerability in the base64 functions of aide, an advanced intrusion detection system, which can be triggered via large extended file attributes or ACLs. This may result in denial of service or privilege escalation.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2021-45417
SHA-256 | a61c163f7b03440c5d765bd482bcb5fc8719b94025c7b95fcfc636fcd4f926f0
Ubuntu Security Notice USN-5243-2
Posted Jan 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5243-2 - USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-45417
SHA-256 | 12b8a57423f596d419f639a96d32a12ebdfdfb7da1752d9b72a1df3a19b19a96
AIDE 0.17.4
Posted Jan 20, 2022
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fix to prealculate buffer size in base64 functions.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2021-45417
SHA-256 | c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846
Ubuntu Security Notice USN-5243-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5243-1 - David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-45417
SHA-256 | bfebbb3ece1658aff738be79c7f134e2a0be247fb2c4bd9aaa0e4baeedb807b8
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close