]> err.no Git - util-linux/commit
projects / util-linux / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3a4a13b) | patch
login: audit log injection attack via login
authorSteve Grubb <sgrubb@redhat.com>
Sat, 19 Apr 2008 15:49:02 +0000 (11:49 -0400)
committerKarel Zak <kzak@redhat.com>
Mon, 21 Apr 2008 11:34:31 +0000 (13:34 +0200)
commit8ccf0b253ac0f4f58d64bc9674de18bff5a88782
treebbb9e53f7ced4bc0267b8e36ef3e9276fa5b2ffatree | snapshot
parent3a4a13b12a8065b0b5354686d2807cce421a9973commit | diff
login: audit log injection attack via login

A while back I found a couple audit log injection attacks which became
CVE-2007-3102. I forgot to look at login to see if its vulnerable and Mirek
found that it is. To verify the problem, type:

root addr=xyz.com

for the account name while logging in. It will look like root logged in with
an address of xyz.com.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
login-utils/login.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.