exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

CVE-2021-45417

Status Candidate

Overview

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Related Files

Red Hat Security Advisory 2022-1263-01
Posted Apr 7, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1263-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, code execution, integer overflow, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-0920, CVE-2021-4028, CVE-2021-4083, CVE-2021-4155, CVE-2021-45417, CVE-2022-0330, CVE-2022-0778, CVE-2022-22942, CVE-2022-24407, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315
SHA-256 | 8099208ae1c6aef8c286b95bb11ce25104d7ea396a4083c6ef51ad9bcd09650a
Red Hat Security Advisory 2022-0540-01
Posted Feb 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0540-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, heap overflow, and privilege escalation vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-4034, CVE-2021-4155, CVE-2021-45417, CVE-2022-0185
SHA-256 | 923f3586648f88116e40f30ce55effbcd7d2b6a803d6888a77b92b4b0e0c6d09
Red Hat Security Advisory 2022-0464-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0464-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 36b9e07030c8bb693d556dcfde4489a6ee4054518bc93ccfaa1b4f60f2c73a8f
Red Hat Security Advisory 2022-0472-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0472-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 62ec9be6c512b12130498c06bd9ff6904f9e846e5855db6cdab3f4a7b7de1f8c
Red Hat Security Advisory 2022-0473-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0473-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 8a366f80e00a9b38f3a877defddf1e307764c855dbe516f1ce87a6760c2f1806
Red Hat Security Advisory 2022-0456-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0456-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | e2bb86500bb4c987a3d28d0afccc1e6b3bf4d5c31ab12191e36623d22fe36757
Red Hat Security Advisory 2022-0440-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0440-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 250d9b9182fd20e3ab7b8c7194d36a4c2cf28d9c5a02c10dc8078cd80cff1c32
Red Hat Security Advisory 2022-0441-02
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0441-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-45417
SHA-256 | 22abf2e225206de289f71aaae337ede1a449e8a2150f150f8d3b38b09b1aa178
Ubuntu Security Notice USN-5243-2
Posted Jan 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5243-2 - USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-45417
SHA-256 | 12b8a57423f596d419f639a96d32a12ebdfdfb7da1752d9b72a1df3a19b19a96
AIDE 0.17.4
Posted Jan 20, 2022
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fix to prealculate buffer size in base64 functions.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2021-45417
SHA-256 | c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846
Ubuntu Security Notice USN-5243-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5243-1 - David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-45417
SHA-256 | bfebbb3ece1658aff738be79c7f134e2a0be247fb2c4bd9aaa0e4baeedb807b8
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close