Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
BID:25542
Info
Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
| Bugtraq ID: | 25542 |
| Class: | Design Error |
| CVE: |
CVE-2007-3849 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 04 2007 12:00AM |
| Updated: | Sep 06 2007 04:01PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 Server |
| Not Vulnerable: | |
Discussion
Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
Red Hat Advanced Intrusion Detection Environment (AIDE) is prone to a design weakness because its database does not contain checksums for files.
An attacker may exploit this issue to evade AIDE file-modification checks, which may lead to other attacks.
This issue is due to an RPM packaging error on Red Hat systems. Other implementations of AIDE may also be affected, but Symantec has not confirmed this.
Versions prior to AIDE 0.13.1 on Red Hat Enterprise Linux 5 server and client are vulnerable.
Red Hat Advanced Intrusion Detection Environment (AIDE) is prone to a design weakness because its database does not contain checksums for files.
An attacker may exploit this issue to evade AIDE file-modification checks, which may lead to other attacks.
This issue is due to an RPM packaging error on Red Hat systems. Other implementations of AIDE may also be affected, but Symantec has not confirmed this.
Versions prior to AIDE 0.13.1 on Red Hat Enterprise Linux 5 server and client are vulnerable.
Exploit / POC
Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
Solution:
The vendor has addressed this issue in AIDE 0.13.1 for Red Hat Enterprise Linux 5 server and client. Please see the references for more information.
Solution:
The vendor has addressed this issue in AIDE 0.13.1 for Red Hat Enterprise Linux 5 server and client. Please see the references for more information.
References
Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness
References:
References:
- AIDE Home Page (AIDE)
- Bugzilla Bug 236923: CVE-2007-3849 Rebase aide to 0.13.1 (Red Hat)
- Moderate: aide security update (Red Hat)