Описание
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| systemd | fixed | 260~rc1-1 | package | |
| systemd | not-affected | trixie | package | |
| systemd | not-affected | bookworm | package | |
| systemd | not-affected | bullseye | package |
Примечания
https://github.com/systemd/systemd/security/advisories/GHSA-x4h8-rrrg-q78f
Introduced with: https://github.com/systemd/systemd/commit/59857b672ca6a3a9253ef9c888172c5e68243160 (v258-rc1)
Fixed by: https://github.com/systemd/systemd/commit/05f5156ad1a3b84b54c104ee375b9ce7b746e0cd (v260-rc1)
Связанные уязвимости
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
A flaw was found in systemd, a core component of Linux operating systems. A local user, without special privileges, can exploit this vulnerability. By manipulating a specific systemd unit configuration where delegation is enabled and the user is not set, the user can trigger an internal error, leading to a Denial of Service (DoS). This means the affected system may become unresponsive or crash, impacting its availability.
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.