Bug 862324 – CVE-2013-4394 systemd: Improper sanitization of invalid XKB layouts descriptions (privilege escalation when custom PolicyKit local authority file used)

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 862324 - (CVE-2013-4394) CVE-2013-4394 systemd: Improper sanitization of invalid XKB layouts descriptions (privilege escalation when custom PolicyKit local authority file used)

Summary:	CVE-2013-4394 systemd: Improper sanitization of invalid XKB layouts descripti...

Status:	CLOSED CURRENTRELEASE

Aliases:	CVE-2013-4394

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20130923,repor...
Keywords:	Security

Depends On:	859931
Blocks:	859151
	Show dependency tree / graph

Reported:	2012-10-02 11:58 EDT by Jan Lieskovsky
Modified:	2014-02-12 01:08 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-02-12 01:08:02 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Jan Lieskovsky 2012-10-02 11:58:23 EDT

A possibility of unauthorized Xorg X11 Server configuration file modification / injection was found in the way SetX11Keyboard() method of systemd, a system and service manager, performed sanitization of provided X Keyboard Extension (XKB) layouts description (special and control characters were not filtered out from the layout description properly). When the host in question used PolicyKit Local Authority (PKLA) file mechanism to grant group of users the privilege to change XKB settings (instead of default PolicyKit check) and particular local attacker was member of that group, they could use this flaw to inject arbitrary values into the Xorg X11 Server configuration file, possibly leading to escalation of their privileges.

Issue found by Florian Weimer, Red Hat Product Security Team

Comment 9 Vincent Danen 2013-10-01 18:49:28 EDT

This was assigned CVE-2013-4394:

http://www.openwall.com/lists/oss-security/2013/10/01/9

Comment 10 Vincent Danen 2013-10-01 18:50:25 EDT

Acknowledgements:

This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

Comment 11 Huzaifa S. Sidhpurwala 2013-10-04 05:50:00 EDT

Upstream patch:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=8d789b905dba8aebd30238520b6ad52fb866af95

Comment 12 Huzaifa S. Sidhpurwala 2013-10-04 05:50:57 EDT

This issue has been addressed in the version of systemd as shipped with Fedora 18 and 19. (Current versions are not affected)

Note You need to log in before you can comment on or make changes to this bug.