Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr" statement to the login name, aka "audit log injection."
Publication date: Thu, 24 Apr 2008 10:05:00 +0000