1085120 – SystemD still vulnerable to buff. overflow in password entry

Bug 1085120 - SystemD still vulnerable to buff. overflow in password entry

Summary: SystemD still vulnerable to buff. overflow in password entry

Keywords:
Status:	CLOSED DUPLICATE of bug 1084286
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	systemd
Sub Component:
Version:	20
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	systemd-maint
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-04-07 21:28 UTC by Roy
Modified:	2014-04-08 08:51 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-04-08 08:51:53 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Roy 2014-04-07 21:28:48 UTC

Description of problem:
Judging by the patch on http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189 , systemd was vulnerable to a buffer overflow. To this day, there has been no sign of back-porting this patch to Fedora (no builds on Koji for F19 or F20 since releasing this patch), even though it seems to be a serious security risk at first sight: a buffer overflow in a program running with root privileges.
Please either confirm that this bug could never be triggered in Fedora 20, or back-port this fix. Thanks.

Version-Release number of selected component (if applicable):
systemd-208-15.fc20

Comment 1 Roy 2014-04-08 08:51:53 UTC


*** This bug has been marked as a duplicate of bug 1084286 ***

Note You need to log in before you can comment on or make changes to this bug.