AIDE Null Pointer Dereference Vulnerability Leading to Local Denial-of-Service

A null pointer dereference vulnerability has been identified in AIDE (Advanced Intrusion Detection Environment) versions 0.13 prior to 0.19.1. This vulnerability allows a local user to cause a denial-of-service by crashing the program during report printing or database listing. The issue arises when extended file attributes are set with an empty value or a key containing a comma. The vulnerability has been patched in AIDE version 0.19.2.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the AIDE program.

Reproduction

To reproduce this vulnerability, a file must be created with an extended attribute that either has an empty value or a key containing a comma. AIDE must be compiled with the '--with-xattr' configure flag, which is the default for most distributions. After the attribute is set, AIDE can be run to initialize the database, followed by a check or a list command. The vulnerability will manifest as a crash on the second run, after the attribute has been written to the database.

Remediation

Users are advised to upgrade to AIDE version 0.19.2. If an upgrade is not possible, consider removing the 'xattrs' group from rules matching files on affected file systems.