Raj3Shp

Name of the Vulnerable Software and Affected Versions: AIDE versions 0.13 through 0.19.1 Description: AIDE, an advanced intrusion detection environment, contains a null pointer dereference issue. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. Recommendations: Update to version 0.19.2 or later. As a workaround, remove the xattrs group from rules matching files on affected file systems.

Name of the Vulnerable Software and Affected Versions: AIDE versions prior to 0.19.2 Description: AIDE is susceptible to an improper output neutralization issue. An attacker can create a malicious filename containing terminal escape sequences to conceal file additions or removals from reports and manipulate log output. A local user could exploit this to circumvent AIDE’s detection of malicious files. The output of extended attribute key names and symbolic link targets are also not properly neutralized. Recommendations: Versions prior to 0.19.2: Update to version 0.19.2 or later. Versions prior to 0.19.2: Configure AIDE to write the report output to a regular file. Versions prior to 0.19.2: Redirect stdout to a regular file. Versions prior to 0.19.2: Redirect the log output written to stderr to a regular file.