Audit prior to 2.4.4 in Linux does not sanitize escape characters in filenames.
linux audit project linux audit