Lack of data validation in util-linux
Description
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."
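An added illustration of the injection described above and one way to neutralise it (example code, not util-linux's own). The record layout, function names, login name and addresses are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record layout for illustration; not util-linux's real format. */
#define REC_FMT "op=login acct=%s addr=%s res=failed"

/* Vulnerable pattern: the untrusted login name is copied in verbatim. */
int format_naive(char *out, size_t n, const char *acct, const char *addr) {
    return snprintf(out, n, REC_FMT, acct, addr);
}

/* A value can leave its field if it holds a space, control or non-ASCII
 * byte, a quote, or '='. */
static int needs_encoding(const char *s) {
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c < 0x21 || c > 0x7e || c == '"' || c == '=') return 1;
    }
    return 0;
}

/* Hardened: quote plain names, hex-encode anything else (names <= 64 bytes). */
int format_safe(char *out, size_t n, const char *acct, const char *addr) {
    char enc[2 * 64 + 3], *p = enc;
    if (strlen(acct) > 64) return -1;
    if (needs_encoding(acct))
        for (const char *s = acct; *s; s++) p += sprintf(p, "%02X", (unsigned char)*s);
    else
        snprintf(enc, sizeof enc, "\"%s\"", acct);
    return snprintf(out, n, REC_FMT, enc, addr);
}

/* Detection: a well-formed record carries exactly one " addr=" field. */
int count_addr_fields(const char *rec) {
    int hits = 0;
    for (const char *p = rec; (p = strstr(p, " addr=")) != NULL; p += 6) hits++;
    return hits;
}

int main(void) {
    char rec[256];
    const char *name = "root addr=198.51.100.9";   /* constructed login name */
    format_naive(rec, sizeof rec, name, "203.0.113.7");
    printf("%d fields: %s\n", count_addr_fields(rec), rec);
    format_safe(rec, sizeof rec, name, "203.0.113.7");
    printf("%d fields: %s\n", count_addr_fields(rec), rec);
    return 0;
}
```

A log consumer that takes the first "addr=" token from the naive record reads the value supplied in the login name; in the encoded record the only "addr=" token is the one written by the logger.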
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| rpm rhel5 | 0:2.13-0.50.el5 | | |
| debian 11 | 2.13.1.1-1 | | |
| debian 12 | 2.13.1.1-1 | | |
| debian 13 | 2.13.1.1-1 | | |
| debian 14 | 2.13.1.1-1 | | |