err.no Git - util-linux/commit
login: audit log injection attack via login
author Steve Grubb <sgrubb@redhat.com>
Sat, 19 Apr 2008 15:49:02 +0000 (11:49 -0400)
committer Karel Zak <kzak@redhat.com>
Mon, 21 Apr 2008 13:05:43 +0000 (15:05 +0200)
commit ed485e1653dbe297f85e845256082ef13c797942
tree 28720afeb8cd1aaab601769fceef075fae807425
parent b08ed1f38af2b8122d95e24db32d118e42e2a506
login: audit log injection attack via login

A while back I found a couple audit log injection attacks which became
CVE-2007-3102. I forgot to look at login to see if it's vulnerable and Mirek
found that it is. To verify the problem, type:

root addr=xyz.com

for the account name while logging in. It will look like root logged in with
an address of xyz.com.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
login-utils/login.c
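
The injection described in the commit message, as an added example that is not part of the commit or of util-linux: a constructed key=value record and a first-match log consumer show how the account name `root addr=xyz.com` supplies its own `addr` field, and how hex-encoding values that contain spaces, quotes or control bytes keeps the name a single token. The function names, the record layout and the encoding rule are assumptions of this example, not login's code or the change the commit made.

```c
#include <stdio.h>
#include <string.h>

/* Nonzero if s holds a byte that can end or forge a field (space, control, quote, non-ASCII). */
static int needs_encoding(const char *s) {
    for (; *s; s++)
        if ((unsigned char)*s <= 0x20 || (unsigned char)*s >= 0x7f || *s == '"')
            return 1;
    return 0;
}

/* Quote a clean value; hex-encode anything else so it stays one token (out needs >= 3 bytes). */
static void encode_value(char *out, size_t n, const char *s) {
    size_t i, len = strlen(s);
    if (!needs_encoding(s)) { snprintf(out, n, "\"%s\"", s); return; }
    for (i = 0; i < len && 2 * i + 3 <= n; i++)
        snprintf(out + 2 * i, 3, "%02X", (unsigned char)s[i]);
}

/* Constructed record layout (not login's real message); harden=0 pastes acct in raw. */
static void build_record(char *out, size_t n, const char *acct, const char *addr, int harden) {
    char v[256];
    if (harden) encode_value(v, sizeof v, acct);
    else snprintf(v, sizeof v, "%s", acct);
    snprintf(out, n, "op=login acct=%s addr=%s res=success", v, addr);
}

/* Log consumer: copy the value of the first space-delimited key=value token named key. */
static int field_value(const char *rec, const char *key, char *val, size_t n) {
    size_t klen = strlen(key);
    for (const char *p = rec; *p; p += strcspn(p, " "), p += strspn(p, " "))
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            snprintf(val, n, "%.*s", (int)strcspn(p + klen + 1, " "), p + klen + 1);
            return 1;
        }
    return 0;
}

int main(void) {
    char rec[512], addr[128];
    for (int harden = 0; harden <= 1; harden++) {
        /* Account name from the commit message; 10.0.0.5 is a constructed real address. */
        build_record(rec, sizeof rec, "root addr=xyz.com", "10.0.0.5", harden);
        field_value(rec, "addr", addr, sizeof addr);
        printf("%s\n  -> consumer sees addr=%s\n", rec, addr);
    }
    return 0;
}
```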