Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 427393

Summary: audit: Logging execve arguments, out of memory in audit_expand
Product: Red Hat Enterprise Linux 4 Reporter: RHEL Program Management <pm-rhel>
Component: kernelAssignee: Vitaly Mayatskikh <vmayatsk>
Status: CLOSED ERRATA QA Contact: Martin Jenner <mjenner>
Severity: high Docs Contact:
Priority: urgent    
Version: 4.0CC: dhoward, eparis, jplans, lwang, sgrubb, tao
Target Milestone: rcKeywords: Regression, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHSA-2008-0167 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-14 10:30:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 310651    
Bug Blocks:    

Description RHEL Program Management 2008-01-03 17:26:58 UTC 
This bug has been copied from bug #310651 and has been proposed
to be backported to 4.6 z-stream (EUS).
Comment 2 RHEL Program Management 2008-01-03 17:36:09 UTC 
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.
Comment 4 Jan Lieskovsky 2008-02-27 10:42:04 UTC 
Comment from Mark J.Cox:

After review we believe this actually doesn't qualify to be treated as a
security vulnerability:

The customers who reported this flaw have a non-default setup specifically
designed to cause a machine panic under OOM situations.  The bug is likely to
trigger the panic under normal operating circumstances, even without a local
malicious attacker, and indeed this is how the reporting customers found this
issue.  

So a local malicious attacker could cause the machine configured in this way to
panic (leaving their traces all over the audit log), but it was most likely
going to panic by itself at some point anyway.

I'm going to therefore remove the CVE name we allocated for this issue.
Comment 8 errata-xmlrpc 2008-03-14 10:30:55 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0167.html