CVE-2008-1926

Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."
Configurations

Configuration 1

cpe:2.3:a:linux:util-linux:2.13.0.1:*:*:*:*:*:*:*
cpe:2.3:a:linux:util-linux:2.13:*:*:*:*:*:*:*
cpe:2.3:a:linux:util-linux:2.13.1:*:*:*:*:*:*:*
cpe:2.3:a:linux:util-linux:2.13.1.1:*:*:*:*:*:*:*
cpe:2.3:a:linux:util-linux:2.14:rc1:*:*:*:*:*:*

Information

Published : 2008-04-24 05:05

Updated : 2023-02-13 02:19


NVD link : CVE-2008-1926

Mitre link : CVE-2008-1926

Products Affected
CWE