
Cloud Vulnerability DB
A community-led vulnerabilities database
A heap-based buffer overflow vulnerability (CVE-2021-45417) was discovered in AIDE (Advanced Intrusion Detection Environment) versions 0.13 through 0.17.3. The vulnerability was found by David Bouman and publicly disclosed on January 20, 2022. AIDE is a host-based intrusion detection tool that checks file and directory integrity against a baseline database and is commonly run as root from cron (OSS Security, NVD).
The root cause is a fixed 16384-byte buffer in AIDE's encode_base64/decode_base64 functions. That size was safe for the values the functions were written for, the calculated hashsums, whose length is bounded by the digest algorithm. When AIDE 0.13 added support for extended file attributes and ACLs, the same functions were reused to encode and decode that metadata, whose length is controlled by whoever can write it; an extended attribute value or ACL whose encoding exceeds the buffer overflows the heap. The vulnerability has a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, OSS Security).
The vulnerability allows local users to obtain root privileges through crafted file metadata, such as XFS extended attributes or tmpfs ACLs: these file systems accept metadata values large enough to exceed the buffer, and an unprivileged user can set such values on files they own. When AIDE later scans the file, typically as root from a cron job, encoding the oversized attribute or ACL overflows the heap; the result is at least a crash of the integrity check and potentially arbitrary code execution with root privileges (OSS Security). The AV:L and PR:L components of the vector reflect that only an unprivileged local account is needed.
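The following is an added illustration of the bug class the advisory describes, written for this page; it is not AIDE's code and does not reproduce AIDE's base64 implementation. The only figure taken from the advisory is the 16384-byte buffer size; the constant and function names, the assumption that a trailing NUL is stored in the buffer (which makes 12286 input bytes the smallest value that no longer fits), and the sample digest and attribute values are this example's own. It places the fixed-buffer pattern next to the length-derived allocation that removes the overflow.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed buffer size named in the advisory; the macro name is this example's own. */
#define B64_BUF_LEN 16384

static const char B64_ALPHABET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Bytes needed to hold the base64 encoding of inlen bytes plus a NUL terminator. */
size_t b64_encoded_len(size_t inlen) {
    return 4 * ((inlen + 2) / 3) + 1;
}

/* 1 when encoding inlen bytes into a B64_BUF_LEN buffer would run past its end.
 * With the NUL counted, that is any input of 12286 bytes or more. */
int b64_would_overflow(size_t inlen) {
    return b64_encoded_len(inlen) > B64_BUF_LEN;
}

/* Bytes produced by decoding a padded base64 string (0 if the length is malformed).
 * A decoder with a fixed output buffer needs the same kind of check on this value. */
size_t b64_decoded_len(const char *s) {
    size_t n = strlen(s), pad = 0;
    if (n == 0 || n % 4 != 0) return 0;
    if (s[n - 1] == '=') pad++;
    if (s[n - 2] == '=') pad++;
    return 3 * (n / 4) - pad;
}

/* Encoder core. The caller must guarantee out has b64_encoded_len(inlen) bytes;
 * this function does no bounds checking of its own. */
static void b64_encode_into(const unsigned char *in, size_t inlen, char *out) {
    size_t i = 0, o = 0;
    for (; i + 3 <= inlen; i += 3) {
        unsigned v = (in[i] << 16) | (in[i + 1] << 8) | in[i + 2];
        out[o++] = B64_ALPHABET[(v >> 18) & 63];
        out[o++] = B64_ALPHABET[(v >> 12) & 63];
        out[o++] = B64_ALPHABET[(v >> 6) & 63];
        out[o++] = B64_ALPHABET[v & 63];
    }
    if (inlen - i == 1) {
        unsigned v = in[i] << 16;
        out[o++] = B64_ALPHABET[(v >> 18) & 63];
        out[o++] = B64_ALPHABET[(v >> 12) & 63];
        out[o++] = '=';
        out[o++] = '=';
    } else if (inlen - i == 2) {
        unsigned v = (in[i] << 16) | (in[i + 1] << 8);
        out[o++] = B64_ALPHABET[(v >> 18) & 63];
        out[o++] = B64_ALPHABET[(v >> 12) & 63];
        out[o++] = B64_ALPHABET[(v >> 6) & 63];
        out[o++] = '=';
    }
    out[o] = '\0';
}

/* VULNERABLE PATTERN: one fixed-size heap buffer regardless of inlen.
 * Fine for a hashsum (a 64-byte SHA-512 digest encodes to 88 characters);
 * with an attacker-sized xattr value or ACL the write runs off the end of
 * the allocation. Never call this when b64_would_overflow(inlen) is true. */
char *encode_base64_fixed(const unsigned char *in, size_t inlen) {
    char *out = malloc(B64_BUF_LEN);
    if (out == NULL) return NULL;
    b64_encode_into(in, inlen, out);   /* no check against B64_BUF_LEN */
    return out;
}

/* HARDENED PATTERN: size the allocation from the input length. */
char *encode_base64_sized(const unsigned char *in, size_t inlen) {
    char *out = malloc(b64_encoded_len(inlen));
    if (out == NULL) return NULL;
    b64_encode_into(in, inlen, out);
    return out;
}

int main(void) {
    /* Constructed inputs: a digest-sized value and a 20000-byte "xattr value"
     * standing in for metadata an unprivileged user could set on their own file. */
    unsigned char digest[64];
    memset(digest, 0xAB, sizeof digest);
    size_t xattr_len = 20000;
    unsigned char *xattr = malloc(xattr_len);
    if (xattr == NULL) return 1;
    memset(xattr, 'A', xattr_len);

    char *h = encode_base64_fixed(digest, sizeof digest);   /* needs 89 bytes: fits */
    printf("digest: needs %zu bytes, overflow=%d, %.12s...\n",
           b64_encoded_len(sizeof digest), b64_would_overflow(sizeof digest), h);
    printf("xattr : needs %zu bytes, overflow=%d -> fixed buffer is unsafe\n",
           b64_encoded_len(xattr_len), b64_would_overflow(xattr_len));
    char *x = encode_base64_sized(xattr, xattr_len);        /* allocation sized to fit */
    printf("xattr : encoded length %zu\n", strlen(x));

    free(h); free(x); free(xattr);
    return 0;
}
```

The point of the pair is that the encoder core is identical in both; the only difference is who decides the output size. A fixed buffer is safe exactly as long as every caller can prove its input is bounded, which stopped being true for these functions the moment they were handed file metadata.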
The vulnerability was fixed in AIDE version 0.17.4. For users unable to upgrade, alternative mitigations include applying the patches provided upstream (aide-0.17-cve-2021-45417.patch for 0.17.x or aide-0.16-cve-2021-45417.patch for 0.16.x) or removing the 'acl' and 'xattrs' groups from rules matching files on affected file systems (OSS Security). The configuration workaround stops AIDE from reading the metadata that triggers the overflow, at the cost that changes to ACLs and extended attributes on those files will no longer be detected, so it should be treated as temporary until the binary is patched.
Source: This report was generated using AI