Rapid7 Vulnerability & Exploit Database

CESA-2007:0539: aide security update

Free InsightVM Trial No credit card necessary
Watch Demo See how it all works
Back to Search

CESA-2007:0539: aide security update



An updated aide package that fixes various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Advanced Intrusion Detection Environment (AIDE) is a file integrity checker and intrusion detection program. A flaw was discovered in the way file checksums were stored in the AIDE database. A packaging flaw in the CentOS AIDE rpm resulted in the file database not containing any file checksum information. This could prevent AIDE from detecting certain file modifications. (CVE-2007-3849) This update also fixes the following bugs: * certain configurations could result in a segmentation fault upon initialization. * AIDE was unable to open its log file in the LSPP evaluated configuration. * if AIDE found SELinux context differences, the changed files report it generated only included the first 32 characters of the context. All users of AIDE are advised to upgrade to this updated package containing AIDE version 0.13.1 which is not vulnerable to these issues.


  • centos-upgrade-aide

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center