Bug 1084286 - systemd: Stack-based buffer overflow in systemd-ask-password
Summary: systemd: Stack-based buffer overflow in systemd-ask-password
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
: 1085120 (view as bug list)
Depends On:
Blocks: 1083378
TreeView+ depends on / blocked
Reported: 2014-04-04 05:20 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-17 06:42 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-05-12 04:44:04 UTC

Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2014-04-04 05:20:15 UTC
A stack-based buffer overflow was found in systemd-ask-password, a utility used to query a system password or passphrase from the user, using a question message specified on the command line. A local user could this flaw to crash the binary or even execute arbitrary code with the permissions of the user running the program.

This issue is fixed upstream via the following commit:


Comment 1 Huzaifa S. Sidhpurwala 2014-04-04 05:33:56 UTC


Comment 3 Roy 2014-04-08 08:51:53 UTC
*** Bug 1085120 has been marked as a duplicate of this bug. ***

Comment 4 Fedora Update System 2014-04-14 22:40:10 UTC
systemd-208-16.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Huzaifa S. Sidhpurwala 2014-05-12 04:42:50 UTC
After investigation it seems that the only impact of this flaw is crash of the "systemd-ask-password" utility. Systemd does not use this utility in anyway which could result in privilege escalation or any other form of exploitation.

The Red Hat Security Reponse Team does not consider this issue to be a security flaw.

Comment 7 Huzaifa S. Sidhpurwala 2014-05-12 04:44:04 UTC

Red Hat does not consider a user assisted client crash such as this to be a security flaw. For more details please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1084286#c6

Note You need to log in before you can comment on or make changes to this bug.