CVE-2021-45417
published 2022-01-20CVE-2021-45417: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advanced_intrusion_detection_environment_project | advanced_intrusion_detection_environment | 0.13 – 0.17.3 | — |
| aide | aide | >= 0 < 0.17.3-4+deb11u1 | 0.17.3-4+deb11u1 |
| aide | aide | >= 0 < 0.17.4-1 | 0.17.4-1 |
| aide | aide | >= 0 < 0.17.4-1 | 0.17.4-1 |
| aide | aide | >= 0 < 0.17.4-1 | 0.17.4-1 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | aide | < aide 0.17.4-1 (bookworm) | aide 0.17.4-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | ovirt-node | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
Ubuntu
AIDE vulnerability
vendor_ubuntu·2022-01-20
CVE-2021-45417 AIDE vulnerability
Title: AIDE vulnerability
Summary: AIDE could be made to crash or run programs as an administrator if it
opened a specially crafted file.
David Bouman discovered that AIDE incorrectly handled base64 operations. A
local attacker could use this issue to cause AIDE to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
aide: heap-based buffer overflow on outputs larger than B64_BUF
vendor_redhat·2022-01-20·CVSS 7.8
CVE-2021-45417 [HIGH] CWE-787 aide: heap-based buffer overflow on outputs larger than B64_BUF
aide: heap-based buffer overflow on outputs larger than B64_BUF
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL.
Package: aide (Red Hat Enterprise Linux 9) - Not affected
Ubuntu
AIDE vulnerability
vendor_ubuntu·2022-01-20
CVE-2021-45417 AIDE vulnerability
Title: AIDE vulnerability
Summary: AIDE could be made to crash or run programs as an administrator if it
opened a specially crafted file.
USN-5243-1 fixed a vulnerability in aide. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
David Bouman discovered that AIDE incorrectly handled base64 operations. A
local attacker could use this issue to cause AIDE to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2021-45417: aide - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file...
vendor_debian·2021·CVSS 7.8
CVE-2021-45417 [HIGH] CVE-2021-45417: aide - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file...
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 0.17.4-1)
bullseye: resolved (fixed in 0.17.3-4+deb11u1)
forky: resolved (fixed in 0.17.4-1)
sid: resolved (fixed in 0.17.4-1)
trixie: resolved (fixed in 0.17.4-1)
GHSA
GHSA-gfm2-8gq5-m3x8: AIDE before 0
ghsa_unreviewed·2022-01-21
CVE-2021-45417 [HIGH] CWE-787 GHSA-gfm2-8gq5-m3x8: AIDE before 0
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
OSV
CVE-2021-45417: AIDE before 0
osv·2022-01-20·CVSS 7.8
CVE-2021-45417 [HIGH] CVE-2021-45417: AIDE before 0
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2022/01/20/3https://lists.debian.org/debian-lts-announce/2022/01/msg00024.htmlhttps://security.gentoo.org/glsa/202311-07https://www.debian.org/security/2022/dsa-5051https://www.ipi.fi/pipermail/aide/2022-January/001713.htmlhttps://www.openwall.com/lists/oss-security/2022/01/20/3http://www.openwall.com/lists/oss-security/2022/01/20/3https://lists.debian.org/debian-lts-announce/2022/01/msg00024.htmlhttps://security.gentoo.org/glsa/202311-07https://www.debian.org/security/2022/dsa-5051https://www.ipi.fi/pipermail/aide/2022-January/001713.htmlhttps://www.openwall.com/lists/oss-security/2022/01/20/3
2022-01-20
Published