Vulnerability Name: | CVE-2007-3102 (CCN-37371) | ||||||||||||||||||||||||||||||||
Assigned: | 2007-10-18 | ||||||||||||||||||||||||||||||||
Published: | 2007-10-18 | ||||||||||||||||||||||||||||||||
Updated: | 2017-10-11 | ||||||||||||||||||||||||||||||||
Summary: | Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. Note: some of these details are obtained from third party information. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | File Manipulation | ||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2007-3102 Source: OSVDB Type: UNKNOWN 39214 Source: CCN Type: RHSA-2007-0540 Moderate: openssh security and bug fix update Source: CCN Type: RHSA-2007-0555 Moderate: pam security Source: CCN Type: RHSA-2007-0703 Moderate: openssh security and bug fix update Source: CCN Type: RHSA-2007-0737 Moderate: pam security Source: SECUNIA Type: Vendor Advisory 27235 Source: SECUNIA Type: UNKNOWN 27588 Source: SECUNIA Type: UNKNOWN 27590 Source: CCN Type: SA28319 Avaya Products pam Vulnerability and Security Issue Source: SECUNIA Type: UNKNOWN 28319 Source: CCN Type: SA28320 Avaya Products openssh Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 28320 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm Source: CCN Type: ASA-2007-526 PAM security bug fix and enhancement update (RHSA-2007-0737) Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm Source: CCN Type: ASA-2007-527 OpenSSH security and bug fix update (RHSA-2007-0703) Source: CCN Type: OSVDB ID: 39214 OpenSSH linux_audit_record_event Crafted Username Audit Log Injection Source: REDHAT Type: UNKNOWN RHSA-2007:0540 Source: REDHAT Type: UNKNOWN RHSA-2007:0555 Source: REDHAT Type: UNKNOWN RHSA-2007:0703 Source: REDHAT Type: UNKNOWN RHSA-2007:0737 Source: BID Type: UNKNOWN 26097 Source: CCN Type: BID-26097 OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness Source: MISC Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=248059 Source: XF Type: UNKNOWN openssh-username-data-manipulation(37371) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11124 Source: CCN Type: FEDORA-2007-715 [SECURITY] Fedora Core 6 Update: openssh-4.3p2-25.fc6 Source: FEDORA Type: UNKNOWN FEDORA-2007-715 | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |