RSS   Podatności dla 'Systemd'   RSS

2013-10-28
 
CVE-2013-4394

 
 
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

 
 
CVE-2013-4393

 
 
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.

 
 
CVE-2013-4392

CWE-264
 
 
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

 
 
CVE-2013-4391

 
 
Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.

 
2013-10-03
 
CVE-2013-4327

 
 
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

 

 >>> Vendor: Ubuntu developers 4 Produkty
Language-selector
Systemd
Apt-xapian-index
OBBY

Copyright 2024, cxsecurity.com

 

Back to Top