Bug 1085120 - SystemD still vulnerable to buff. overflow in password entry
Summary: SystemD still vulnerable to buff. overflow in password entry
Keywords:
Status: CLOSED DUPLICATE of bug 1084286
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: 20
Hardware: All
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-04-07 21:28 UTC by Roy
Modified: 2014-04-08 08:51 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-08 08:51:53 UTC
Type: Bug


Attachments (Terms of Use)

Description Roy 2014-04-07 21:28:48 UTC
Description of problem:
Judging by the patch on http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189 , systemd was vulnerable to a buffer overflow. To this day, there has been no sign of back-porting this patch to Fedora (no builds on Koji for F19 or F20 since releasing this patch), even though it seems to be a serious security risk at first sight: a buffer overflow in a program running with root privileges.
Please either confirm that this bug could never be triggered in Fedora 20, or back-port this fix. Thanks.

Version-Release number of selected component (if applicable):
systemd-208-15.fc20

Comment 1 Roy 2014-04-08 08:51:53 UTC

*** This bug has been marked as a duplicate of bug 1084286 ***


Note You need to log in before you can comment on or make changes to this bug.