SB2013102906 - Multiple vulnerabilities in Freedesktop systemd
Published: October 29, 2013 Updated: August 19, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2013-4391)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Integer overflow in the valid_user_field function in journal/journald-native.c in systemd. A remote attacker can use a large journal data field to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-4392)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
3) Resource management error (CVE-ID: CVE-2013-4393)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-4394)
The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
Remediation
Install update from vendor's website.
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357
- http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e
- http://www.debian.org/security/2013/dsa-2777
- http://www.openwall.com/lists/oss-security/2013/10/01/9
- https://bugzilla.redhat.com/show_bug.cgi?id=859051
- https://security.gentoo.org/glsa/201612-34
- https://bugzilla.redhat.com/show_bug.cgi?id=859060
- https://bugzilla.redhat.com/show_bug.cgi?id=859104
- https://bugzilla.redhat.com/show_bug.cgi?id=862324