CVE-2007-3102
Published 2007-10-18
CVE-2007-3102: Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote…
Priority: P4 · 21 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.34% (81.5th percentile)
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | — | — |
| openbsd | openssh | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_debian | — | 4.3 | LOW | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
GHSA
GHSA-pjxv-8cr6-cx99: Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4
ghsa_unreviewed · 2022-05-01 · MEDIUM
Red Hat
audit logging of failed logins
vendor_redhat · 2007-11-07 · CVSS 4.3 · MEDIUM
Debian
CVE-2007-3102: openssh - Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4....
vendor_debian · 2007 · CVSS 4.3 · MEDIUM
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
Bugzilla
CVE-2007-3102 audit logging of failed logins
bugzilla · 2007-07-12 · CVSS 4.3 · MEDIUM
+++ This bug was initially created as a clone of Bug #247797 +++
Description of problem:
The logging of failed logins can be used to inject bad information into audit logs. Example:

```
ssh -l "fakeuser auid=1234 tty=pty1 host=127.0.0.1" victim
```

causes:

```
type=USER_AUTH msg=audit(06/07/2007 11:04:14.429:101) : user pid=8151 uid=root
auid=unset subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='PAM: authentication
acct=fakeuser auid=unknown(1234) tty=pty1 host=127.0.0.1 : exe=/usr/sbin/sshd
(hostname=discovery.redhat.com, addr=192.168.1.171, terminal=ssh res=failed)'
```

Version-Release number of selected component (if applicable):
all recent versions
-- Additional comment from [email protected] on 2007-06-08 15:10 EST --
ssh -l "fakeuser auid=1234 t
Bugzilla
CVE-2007-3102 audit logging of failed logins
bugzilla · 2007-07-11 · CVSS 4.3 · MEDIUM
+++ This bug was initially created as a clone of Bug #243204 +++
Description of problem:
The logging of failed logins can be used to inject bad information into audit logs. Example:

```
ssh -l "fakeuser auid=1234 tty=pty1 host=127.0.0.1" victim
```

causes:

```
type=USER_AUTH msg=audit(06/07/2007 11:04:14.429:101) : user pid=8151 uid=root
auid=unset subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='PAM: authentication
acct=fakeuser auid=unknown(1234) tty=pty1 host=127.0.0.1 : exe=/usr/sbin/sshd
(hostname=discovery.redhat.com, addr=192.168.1.171, terminal=ssh res=failed)'
```

Version-Release number of selected component (if applicable):
all recent versions
-- Additional comment from [email protected] on 2007-06-08 15:10 EST --
ssh -l "fakeuser auid=1234 t
Bugzilla
CVE-2007-3102 audit logging of failed logins
bugzilla · 2007-06-07 · CVSS 4.3 · MEDIUM
Description of problem:
The logging of failed logins can be used to inject bad information into audit logs. Example:

```
ssh -l "fakeuser auid=1234 tty=pty1 host=127.0.0.1" victim
```

causes:

```
type=USER_AUTH msg=audit(06/07/2007 11:04:14.429:101) : user pid=8151 uid=root
auid=unset subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='PAM: authentication
acct=fakeuser auid=unknown(1234) tty=pty1 host=127.0.0.1 : exe=/usr/sbin/sshd
(hostname=discovery.redhat.com, addr=192.168.1.171, terminal=ssh res=failed)'
```

Version-Release number of selected component (if applicable):
all recent versions
Additional info:
Fixing this requires a small patch to pam to use a different audit logging function.
Discussion:
Created attachment 156601
Patch addressing the iss
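The bug report above shows why a whitespace-splitting parser is fooled by this record: the key=value pairs smuggled in through the login name are indistinguishable from the real ones. The following added example (not part of the bug report or of any vendor's code) runs over two constructed USER_AUTH records modelled on the quoted one, shows the naive parser taking the injected `auid`/`tty`/`host` values at face value, and then recovers the full `acct=` string by anchoring on the literal `" : exe="` delimiter of this PAM message so that a tampered login name can be flagged; the delimiter and the login-name pattern are assumptions taken from the quoted record, not from an audit specification.

```python
import re

# Constructed sample audit records, modelled on the USER_AUTH record quoted
# in the bug report (not copied from it). The second carries the injected
# login name "fakeuser auid=1234 tty=pty1 host=127.0.0.1"; raw auid values
# are shown here instead of the interpreted "unset"/"unknown(1234)" form.
RECORDS = [
    "type=USER_AUTH msg=audit(1181232254.429:100): user pid=8150 uid=0 "
    "auid=4294967295 msg='PAM: authentication acct=alice : exe=/usr/sbin/sshd "
    "(hostname=client.example.test, addr=192.168.1.171, terminal=ssh res=success)'",
    "type=USER_AUTH msg=audit(1181232254.429:101): user pid=8151 uid=0 "
    "auid=4294967295 msg='PAM: authentication acct=fakeuser auid=1234 tty=pty1 "
    "host=127.0.0.1 : exe=/usr/sbin/sshd "
    "(hostname=client.example.test, addr=192.168.1.171, terminal=ssh res=failed)'",
]

KEY_VALUE = re.compile(r"(\w+)=(\S+)")
# Assumed shape of a portable login name: no whitespace and no '=' in it.
LOGIN_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*\$?$")
# Assumption from the quoted record: the account string runs up to " : exe=".
ACCT = re.compile(r"acct=(.*?) : exe=")

def naive_fields(record):
    """Tokenise on whitespace and keep the last value seen for each key, as a
    hurried parser would. Keys smuggled in via the login name overwrite the
    genuine ones, which is exactly the log-injection effect of this bug."""
    return dict(KEY_VALUE.findall(record))

def acct_value(record):
    """Return the whole account string using the trailing delimiter rather than
    the next whitespace, so injected pairs stay attached to the login name."""
    m = ACCT.search(record)
    return m.group(1) if m else None

def is_injected(record):
    """True when the account string is not a plausible single login name."""
    acct = acct_value(record)
    return acct is not None and not LOGIN_NAME.match(acct)

def flag_injected(records):
    """Return (index, acct) pairs for records whose acct field was tampered with."""
    return [(i, acct_value(r)) for i, r in enumerate(records) if is_injected(r)]

if __name__ == "__main__":
    print("naive view of record 1:", naive_fields(RECORDS[1]).get("host"))
    for idx, acct in flag_injected(RECORDS):
        print(f"record {idx}: suspicious acct value {acct!r}")
```

The same check applies to any audit field whose value is copied from attacker-controlled input; the delimiter to anchor on depends on the record type, which is why fixed vendors moved PAM to an audit call that escapes such strings.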
References

- http://osvdb.org/39214
- http://secunia.com/advisories/27235
- http://secunia.com/advisories/27588
- http://secunia.com/advisories/27590
- http://secunia.com/advisories/28319
- http://secunia.com/advisories/28320
- http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm
- http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm
- http://www.redhat.com/support/errata/RHSA-2007-0540.html
- http://www.redhat.com/support/errata/RHSA-2007-0555.html
- http://www.redhat.com/support/errata/RHSA-2007-0703.html
- http://www.redhat.com/support/errata/RHSA-2007-0737.html
- http://www.securityfocus.com/bid/26097
- https://bugzilla.redhat.com/show_bug.cgi?id=248059
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html

Published: 2007-10-18