Описание
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| systemd | fixed | 244.2-1 | package | |
| systemd | fixed | 241-7~deb10u4 | buster | package |
| systemd | not-affected | jessie | package |
Примечания
https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation)
https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation)
https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab (preparation)
https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b (preparation)
https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 (introduce new API)
https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712)
https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation)
https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation)
Introduced by https://github.com/systemd/systemd/commit/70244d1d25eb80b57e160ea004d0e6bf793d4caf (v220)
https://bugzilla.redhat.com/show_bug.cgi?id=1794578
https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
https://www.openwall.com/lists/oss-security/2020/02/05/1
Связанные уязвимости
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
A heap use-after-free vulnerability was found in systemd before version v245-rc1 where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges by sending specially crafted dbus messages.
