CVE-2021-45417

Published: 20/01/2022 Updated: 26/01/2022
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

AIDE prior to 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

Vulnerable Product

advanced intrusion detection environment project advanced intrusion detection environment

redhat ovirt-node 4.4.10

redhat virtualization host 4.0

redhat enterprise linux 6.0

redhat enterprise linux 7.0

redhat enterprise linux 8.0

fedoraproject fedora 35

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 21.04

canonical ubuntu linux 21.10

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Synopsis: Important: aide security update. Type/Severity: Security Advisory: Important. Topic: An update for aide is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated thi ...
Synopsis: Important: aide security update. Type/Severity: Security Advisory: Important. Topic: An update for aide is now available for Red Hat Enterprise Linux 84 Extended Update Support. Red Hat Product Security has rated this ...
Synopsis: Important: aide security update. Type/Severity: Security Advisory: Important. Topic: An update for aide is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a securi ...
Synopsis: Important: aide security update. Type/Severity: Security Advisory: Important. Topic: An update for aide is now available for Red Hat Enterprise Linux 82 Extended Update Support. Red Hat Product Security has rated this ...
Synopsis: Important: aide security update. Type/Severity: Security Advisory: Important. Topic: An update for aide is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a securi ...
Synopsis: Important: aide security update. Type/Severity: Security Advisory: Important. Topic: An update for aide is now available for Red Hat Enterprise Linux 81 Update Services for SAP Solutions. Red Hat Product Security has ...
David Bouman discovered a heap-based buffer overflow vulnerability in the base64 functions of aide, an advanced intrusion detection system, which can be triggered via large extended file attributes or ACLs. This may result in denial of service or privilege escalation. For the oldstable distribution (buster), this problem has been fixed in version 0 ...
Synopsis: Important: Red Hat Virtualization Host security update [ovirt-4410-1]. Type/Severity: Security Advisory: Important. Topic: An update for redhat-release-virtualization-host and redhat-virtualization-host is now avail ...
A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL (CVE-2021-45417) ...
A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL ...
Synopsis: Important: RHV-H security update (redhat-virtualization-host) 4322. Type/Severity: Security Advisory: Important. Topic: An update for redhat-release-virtualization-host and redhat-virtualization-host is now availabl ...

Mailing Lists

Summary: David Bouman discovered a heap-based buffer overflow vulnerability in base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL. A local user might exploit this flaw for root privilege escalation ...