Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulnerability in the Linux Audit Framework Auditd

Related Vulnerabilities: CVE-2020-35501  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Vulnerability in the Linux Audit Framework Auditd

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Felix Kosterhon &lt;felix.kosterhon () secuinfra com&gt;

Date: Thu, 18 Feb 2021 10:15:20 +0000

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Dear Sir or Madam,

my name is Felix Kosterhon and i am Cyber Defense Analyst at SECUINFRA GmbH, Germany. 

We discovered a security vulnerability in the Linux Audit Framework (Auditd). During our research we discovered that 
the usage of a certain open-syscall (open_by_handle_at) is not covered by the current file watch implementation of 
Auditd. This allows a local attacker with elevated privileges (CAP_DAC_READ_SEARCH capability) to read and modify files 
without being noticed by the implemented Auditd file watches.

We disclosed our finding to RedHat, Inc. in November and it will be published today, Feb 18, under CVE-2020-35501. As 
suggested by RedHat, Inc., we want to inform you about this security flaw. If you have any further questions, we are 
happy to help you.

We would also like to subscribe to your mailing list to stay informed about current security topics.

Best Regards,

 

Felix Kosterhon

Cyber Defense Analyst

 

 

SECUINFRA GmbH

Münchener Straße 36

60329 Frankfurt/Main

 

Mobile:  +49 151 18975666

 

felix.kosterhon () secuinfra com

www.secuinfra.com

 

Follow us on XING.

Attachment:
smime.p7s
Description: 

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

Vulnerability in the Linux Audit Framework Auditd Felix Kosterhon (Feb 18)

Re: Vulnerability in the Linux Audit Framework Auditd Steve Grubb (Feb 18)

Re: Vulnerability in the Linux Audit Framework Auditd Felix Kosterhon (Feb 18)

Re: Vulnerability in the Linux Audit Framework Auditd Salvatore Bonaccorso (Feb 25)
Re: Vulnerability in the Linux Audit Framework Auditd Steve Grubb (Mar 02)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started