Информационная безопасность
[RU] switch to English


Уязвимости безопасности в systemd
Опубликовано:12 октября 2013 г.
Источник:
SecurityVulns ID:13365
Тип:локальная
Уровень опасности:
6/10
Описание:Целочисленное переполнение, обход защиты, повышение привилегий.
CVE:CVE-2013-4394 (The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters.")
 CVE-2013-4391 (Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.)
 CVE-2013-4327 (systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2777-1] systemd security update (12.10.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород