AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Redhat
  • Enterprise Linux
  • Virtualization Host
  • Ovirt-node
Advanced Intrusion Detection Environment Project
  • Advanced Intrusion Detection Environment
Canonical
  • Ubuntu Linux
Fedoraproject
  • Fedora
Debian
  • Debian Linux

Configuration 1 [-]

cpe:2.3:a:advanced_intrusion_detection_environment_project:advanced_intrusion_detection_environment:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:ovirt-node:4.4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
References
Link Resource
http://www.openwall.com/lists/oss-security/2022/01/20/3 Exploit Mailing List Mitigation Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202311-07
https://www.debian.org/security/2022/dsa-5051 Third Party Advisory
https://www.ipi.fi/pipermail/aide/2022-January/001713.html Exploit Mailing List Mitigation Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/20/3 Exploit Mailing List Mitigation Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-20T00:00:00

Updated: 2023-11-25T09:06:19.920493

Reserved: 2021-12-20T00:00:00

Link: CVE-2021-45417

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2022-01-20T18:15:07.640

Modified: 2023-11-25T09:15:44.413

Link: CVE-2021-45417

JSON object: View

cve-icon Redhat Information

No data.

CWE