Bug#727708: systemd (security) bugs (was: init system question)
A friend of mine mentioned to me in the pub that he had seem alarming
reports of systemd security bugs. Naturally I asked for more
information and he promised me an email with some references.
So, here's what Andrew sent me. Thanks to Andrew for doing this
I'll reply substantively in a moment.
--- Begin Message ---
Here's the email about systemd security holes that I kept forgetting to send
you. I hope it's (still) useful.
The debian-devel post I was thinking of is <email@example.com>
but it actually only mentions three vulnerabilities, there's a more complete
list of the ones that have affected Debian at
Here's a short summary along with the redhat bug numbers (since the redhat BTS
seems to be the place to go for systemd information)
CVE summary Debian BTS Redhat
2012-0871 systemd-logind insecure file creation ? 795853
2012-1101 DoS from systemctl status 662029 799902
2012-1174 TOCTOU deletion race in systemd-logind 664364 803358
2013-4327 insecure use of polkit 723713 1006680
2013-4391 systemd journald integer overflow 725357 859051
2013-4392 TOCTOU race updating file perms 725357 859060
2013-4393 systemd journald DoS 725357 859104
2013-4394 improper sanitization of XKB layouts 725357 862324
I think the "really bad one to do with remote connection" the guy on
debian-devel was thinking of is CVE-2013-4391 which mentions possible
arbitrary code execution from a "specially crafted packet" but I'm not sure
under what conditions it would be triggerable over IP, I guess you might have
had to set up your system as a remote journald server.
The bug I mentioned one where bad data in its binary log files causes journald
to go mad and eventially fill up /var with junk is
and is apparently still not fixed.
Generally the RedHat BTS at
make alarming reading
Hope this helps,
--- End Message ---