Red Hat Bugzilla – Bug 443925
CVE-2008-1926 util-linux: audit log injection via login
Last modified: 2010-12-23 12:36:04 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1926 to the following vulnerability:
Argument injection vulnerability in login (login-utils/login.c) in
util-linux-ng 2.14 and earlier makes it easier for remote attackers to
hide activities by modifying portions of log events, as demonstrated
by appending an "addr=" statement to the login name, aka "audit log
util-linux-ng-2.13.1-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Via RHSA-2009:0981 https://rhn.redhat.com/errata/RHSA-2009-0981.html
This is also: https://bugzilla.redhat.com/show_bug.cgi?id=456378
which means this was resolved via:
https://rhn.redhat.com/errata/RHBA-2009-0070.html for RHEL5.