Linux Audit Daemon 'audit_log_user_command()' Local Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Linux Audit Daemon 'audit_log_user_command()' Local Buffer Overflow Vulnerability

The Linux Audit daemon is prone to a local buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows local attackers to execute arbitrary machine code with elevated privileges. This may facilitate the compromise of affected computers.

Versions prior to Linux Audit 1.7 are vulnerable.