Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 17 Apr 2014 07:39:39 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: systemd stack-based buffer overflow in systemd-ask-password

Hello,

>From the Red Hat bug:
A stack-based buffer overflow was found in systemd-ask-password, a utility used
to query a system password or passphrase from the user, using a question message
specified on the command line. A local user could this flaw to crash the binary
or even execute arbitrary code with the permissions of the user running the program.

Bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1084286

Fix:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189

Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ