Bug 1084286 - systemd: Stack-based buffer overflow in systemd-ask-password
systemd: Stack-based buffer overflow in systemd-ask-password
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20140325,repor...
: Security
: 1085120 (view as bug list)
Depends On:
Blocks: 1083378
  Show dependency treegraph
 
Reported: 2014-04-04 01:20 EDT by Huzaifa S. Sidhpurwala
Modified: 2015-03-04 03:22 EST (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-05-12 00:44:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Huzaifa S. Sidhpurwala 2014-04-04 01:20:15 EDT
A stack-based buffer overflow was found in systemd-ask-password, a utility used to query a system password or passphrase from the user, using a question message specified on the command line. A local user could this flaw to crash the binary or even execute arbitrary code with the permissions of the user running the program.

This issue is fixed upstream via the following commit:

http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189
Comment 1 Huzaifa S. Sidhpurwala 2014-04-04 01:33:56 EDT
References:

https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg16595.html
Comment 3 Roy 2014-04-08 04:51:53 EDT
*** Bug 1085120 has been marked as a duplicate of this bug. ***
Comment 4 Fedora Update System 2014-04-14 18:40:10 EDT
systemd-208-16.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Huzaifa S. Sidhpurwala 2014-05-12 00:42:50 EDT
After investigation it seems that the only impact of this flaw is crash of the "systemd-ask-password" utility. Systemd does not use this utility in anyway which could result in privilege escalation or any other form of exploitation.

The Red Hat Security Reponse Team does not consider this issue to be a security flaw.
Comment 7 Huzaifa S. Sidhpurwala 2014-05-12 00:44:04 EDT
Statement:

Red Hat does not consider a user assisted client crash such as this to be a security flaw. For more details please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1084286#c6

Note You need to log in before you can comment on or make changes to this bug.