Bug 859051 (CVE-2013-4391)

Summary: CVE-2013-4391 systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bressers, fweimer, jrusnack, lpoetter, mmcallis, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20130923,reported=20120919,source=redhat,cvss2=4.6/AV:L/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,fedora-all/systemd=notaffected,rhel-7/systemd=notaffected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-12 01:07:51 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 858746    
Bug Blocks: 859151    

Description Jan Lieskovsky 2012-09-20 09:05:54 EDT 
An integer overflow, leading to heap-based buffer overflow flaw was found in the way journald functionality of systemd, a system and service manager, processed native messages. A local attacker could provide a specially-crafted packet that when processed by systemd would lead to systemd daemon crash or, potentially, arbitrary code execution with the privileges of the user running the daemon.

Issue found by Florian Weimer, Red Hat Product Security Team

Upstream patch:
[1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e
Comment 2 Huzaifa S. Sidhpurwala 2013-09-23 03:05:39 EDT 
This issue has been addressed in the version of systemd as shipped with Fedora 18 and 19. (Current versions are not affected)
Comment 3 Vincent Danen 2013-10-01 18:53:22 EDT 
Acknowledgements:

This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Comment 4 Vincent Danen 2013-10-01 18:53:49 EDT 
This was assigned CVE-2013-4391:

http://www.openwall.com/lists/oss-security/2013/10/01/9