[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#727708: systemd (security) bugs (was: init system question)

A friend of mine mentioned to me in the pub that he had seem alarming
reports of systemd security bugs.  Naturally I asked for more
information and he promised me an email with some references.

So, here's what Andrew sent me.  Thanks to Andrew for doing this

I'll reply substantively in a moment.

--- Begin Message ---
Hi Ian,

Here's the email about systemd security holes that I kept forgetting to send
you. I hope it's (still) useful.

The debian-devel post I was thinking of is <441543.92540.bm@smtp118.mail.ir2.yahoo.com>
but it actually only mentions three vulnerabilities, there's a more complete
list of the ones that have affected Debian at

Here's a short summary along with the redhat bug numbers (since the redhat BTS
seems to be the place to go for systemd information)

CVE		summary					Debian BTS	Redhat
2012-0871	systemd-logind insecure file creation	?		795853 
2012-1101	DoS from systemctl status		662029		799902
2012-1174	TOCTOU deletion race in systemd-logind	664364		803358
2013-4327	insecure use of polkit			723713		1006680
2013-4391	systemd journald integer overflow	725357		859051
2013-4392	TOCTOU race updating file perms		725357		859060
2013-4393	systemd journald DoS			725357		859104
2013-4394	improper sanitization of XKB layouts	725357		862324

I think the "really bad one to do with remote connection" the guy on
debian-devel was thinking of is CVE-2013-4391 which mentions possible
arbitrary code execution from a "specially crafted packet" but I'm not sure
under what conditions it would be triggerable over IP, I guess you might have
had to set up your system as a remote journald server.

The bug I mentioned one where bad data in its binary log files causes journald
to go mad and eventially fill up /var with junk is
and is apparently still not fixed.

Generally the RedHat BTS at
make alarming reading

Hope this helps,


--- End Message ---

Reply to: