Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and previous versions makes it easier for remote malicious users to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux util-linux 2.13.0.1 |
||
linux util-linux 2.13 |
||
linux util-linux 2.13.1 |
||
linux util-linux 2.13.1.1 |
||
linux util-linux 2.14 |