Bug 1084286 - systemd: Stack-based buffer overflow in systemd-ask-password
Summary: systemd: Stack-based buffer overflow in systemd-ask-password
Status: CLOSED NOTABUG
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20140325,repor...
Keywords: Security
: 1085120 (view as bug list)
Depends On:
Blocks: 1083378
TreeView+ depends on / blocked
 
Reported: 2014-04-04 05:20 UTC by Huzaifa S. Sidhpurwala
Modified: 2015-03-04 08:22 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-05-12 04:44:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2014-04-04 05:20:15 UTC
A stack-based buffer overflow was found in systemd-ask-password, a utility used to query a system password or passphrase from the user, using a question message specified on the command line. A local user could this flaw to crash the binary or even execute arbitrary code with the permissions of the user running the program.

This issue is fixed upstream via the following commit:

http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189

Comment 1 Huzaifa S. Sidhpurwala 2014-04-04 05:33:56 UTC
References:

https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg16595.html

Comment 3 Roy 2014-04-08 08:51:53 UTC
*** Bug 1085120 has been marked as a duplicate of this bug. ***

Comment 4 Fedora Update System 2014-04-14 22:40:10 UTC
systemd-208-16.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Huzaifa S. Sidhpurwala 2014-05-12 04:42:50 UTC
After investigation it seems that the only impact of this flaw is crash of the "systemd-ask-password" utility. Systemd does not use this utility in anyway which could result in privilege escalation or any other form of exploitation.

The Red Hat Security Reponse Team does not consider this issue to be a security flaw.

Comment 7 Huzaifa S. Sidhpurwala 2014-05-12 04:44:04 UTC
Statement:

Red Hat does not consider a user assisted client crash such as this to be a security flaw. For more details please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1084286#c6


Note You need to log in before you can comment on or make changes to this bug.