ALT-PU-2018-1552-1
Closed vulnerabilities
BDU:2017-01575
Уязвимость функции dns_packet_new системного сервиса system-resolved менеджера Systemmd операционной системы Linux, позволяющая нарушителю выполнить произвольный код
BDU:2017-02107
Уязвимость службы анализирования имен пользователей демона Systemd, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю запустить службу с root-привилегиями
BDU:2019-01640
Уязвимость демона Systemd, связанная с одновременным использованием общего ресурса и ошибками синхронизации, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-04524
Уязвимость программы systemd-tmpfiles демона Systemd, позволяющая нарушителю обойти существующие ограничения доступа и раскрыть защищаемую информацию
Modified: 2024-11-21
CVE-2017-1000082
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
Modified: 2024-11-21
CVE-2017-15908
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
Modified: 2024-11-21
CVE-2017-18078
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
- openSUSE-SU-2018:0560
- openSUSE-SU-2018:0560
- http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html
- [oss-security] 20180129 CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0
- [oss-security] 20180129 CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0
- https://github.com/systemd/systemd/issues/7736
- https://github.com/systemd/systemd/issues/7736
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [debian-lts-announce] 20190424 [SECURITY] [DLA 1762-1] systemd security update
- [debian-lts-announce] 20190424 [SECURITY] [DLA 1762-1] systemd security update
- 43935
- 43935
- [oss-security] 20180129 Re: CVE-2017-18078: systemd-tmpfiles root privilege
- [oss-security] 20180129 Re: CVE-2017-18078: systemd-tmpfiles root privilege
Modified: 2024-12-13
CVE-2017-9217
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
- 98677
- 98677
- https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be
- https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be
- https://github.com/systemd/systemd/pull/5998
- https://github.com/systemd/systemd/pull/5998
- https://launchpad.net/bugs/1621396
- https://launchpad.net/bugs/1621396
- https://security.netapp.com/advisory/ntap-20241213-0003/
Modified: 2024-11-21
CVE-2017-9445
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
Modified: 2024-11-21
CVE-2018-1049
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
- 1041520
- 1041520
- RHSA-2018:0260
- RHSA-2018:0260
- https://bugzilla.redhat.com/show_bug.cgi?id=1534701
- https://bugzilla.redhat.com/show_bug.cgi?id=1534701
- [debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update
- [debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update
- USN-3558-1
- USN-3558-1
Modified: 2024-11-21
CVE-2018-16888
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
- RHSA-2019:2091
- RHSA-2019:2091
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888
- [cassandra-user] 20190809 cassandra does not start with new systemd version
- [cassandra-user] 20190809 cassandra does not start with new systemd version
- https://security.netapp.com/advisory/ntap-20190307-0007/
- https://security.netapp.com/advisory/ntap-20190307-0007/
- USN-4269-1
- USN-4269-1
Closed bugs
systemd-sysv-install ROOT overquoting
having upgraded from 230 or 231 to 234, NFS is not unmounted when halting
create static device inodes for SysV init
Wrong order in PATH env variable