Re: CVE-request: systemd local denial of login or local users can create arbitrary services

[Kurt Seifried <kseifried () redhat com>]

On 03/04/2012 02:23 AM, Henri Salo wrote:
> Can I get CVE-identifier for this issue? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029
>
> Version: 37-1
> Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=680122
>
> By invoking systemctl status somename.service any user can create an
> entry in systemd's service list. If this list gets too large the login
> procedure can fail. It is not tracked which user created the entries.
>
> Thanks to Michael Biebl for helping me understand the issue. Lennart
> Poettering later explained that the issue is already known and fixed in
> git commit 9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3.
>
> - Henri Salo

Please use CVE-2012-1101 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)