Computer Security
[EN] securityvulns.ru no-pyccku


systemd security vulnerabilities
Published:12.10.2013
Source:
SecurityVulns ID:13365
Type:local
Threat Level:
6/10
Description:Integer overflow, protection bypass, privilege escalation.
CVE:CVE-2013-4394 (The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters.")
 CVE-2013-4391 (Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.)
 CVE-2013-4327 (systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2777-1] systemd security update (12.10.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod