CVE-2020-35501

Published: 30/03/2022 Updated: 02/12/2022
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 3.4 | Impact Score: 2.5 | Exploitability Score: 0.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem.

Vulnerable Product

linux linux kernel

redhat enterprise linux 7.0

redhat enterprise linux 8.0

Vendor Advisories

A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem ...
A security issue was found in the Linux kernel. The open_by_handle_at syscall is not covered by the current file watch implementation of Auditd. This allows a local attacker with elevated privileges (CAP_DAC_READ_SEARCH capability) to read and modify files without being noticed by the implemented Auditd file watches ...

Mailing Lists

Hello Mr Grubb, thank you for your insight. First and foremost we would like to clarify that our intent is not to put blame on anyone but to improve the level of security for the affected systems and the organisations utilising Auditd. According to the rulesconf manual page, file-watch rules are meant to monitor any accesses to files based on ...
Hi, On Thu, Feb 18, 2021 at 03:52:54PM +0000, Felix Kosterhon wrote: Is there a reference to this which can be followed/tracked? Asking because the Red Hat bugzilla entry for CVE-2020-35501 for now would still be restricted, but would like to get a better idea on how to track this issue within Debian. Regards, Salvatore ...
Hello, On Thursday, February 25, 2021 3:48:38 PM EST Salvatore Bonaccorso wrote: Not sure who is supposed to answer this. I started an upstream audit discussion: listman.redhat.com/archives/linux-audit/2021-February/msg00079.html The current thinking is perhaps just document this in a man page. End users can always use a syscall audi ...
Hello, I normally do not comment on security announcements, but this needs some fixing. On Thursday, February 18, 2021 5:15:20 AM EST Felix Kosterhon wrote: Before people start asking for an updated audit package, auditd is not responsible for this. The Linux Kernel is where any issue might lie. Blaming auditd is like saying syslog has a ...
Dear Sir or Madam, my name is Felix Kosterhon and I am Cyber Defense Analyst at SECUINFRA GmbH, Germany. We discovered a security vulnerability in the Linux Audit Framework (Auditd). During our research we discovered that the usage of a certain open-syscall (open_by_handle_at) is not covered by the current file watch implementation of Auditd ...