CVE-2021-45417
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
| Software | From | Fixed in |
|---|---|---|
| advanced_intrusion_detection_environment_project / advanced_intrusion_detection_environment | 0.13 | 0.17.3.x |
| redhat / enterprise_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux | 6.0 | 6.0.x |
| redhat / virtualization_host | 4.0 | 4.0.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / ovirt-node | 4.4.10 | 4.4.10.x |
| fedoraproject / fedora | 35 | 35.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 20.04 | 20.04.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 21.04 | 21.04.x |
| canonical / ubuntu_linux | 21.10 | 21.10.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
- http://www.openwall.com/lists/oss-security/2022/01/20/3
- https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html
- https://security.gentoo.org/glsa/202311-07
- https://www.debian.org/security/2022/dsa-5051
- https://www.ipi.fi/pipermail/aide/2022-January/001713.html
- https://www.openwall.com/lists/oss-security/2022/01/20/3
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime