Fedora 8 : audit-1.6.8-4.fc8 (2008-3012)

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

This release fixes the init script headers to not provide LSB info.
This was causing audit to start too late. It also fixes a problem
where saddr fields were not being decoded correctly on avc events in
ausearch. This also fixes a buffer overflow in audit_log_user_command
that is caught by FORTIFY_SOURCE, resulting in an application crash.
sudo is the only application known to use this vulnerable function.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=440275
http://www.nessus.org/u?899a4811

Solution :

Update the affected audit package.

Risk factor :

Medium / CVSS Base Score : 4.1
(CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 31825 (fedora_2008-3012.nasl)

Bugtraq ID: 28524

CVE ID: CVE-2008-1628

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now