oss-sec mailing list archives
CVE Request: systemd stack-based buffer overflow in systemd-ask-password
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Thu, 17 Apr 2014 07:39:39 -0400
Hello,
From the Red Hat bug:
A stack-based buffer overflow was found in systemd-ask-password, a utility used to query a system password or passphrase from the user, using a question message specified on the command line. A local user could this flaw to crash the binary or even execute arbitrary code with the permissions of the user running the program. Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1084286 Fix: http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189 Could a CVE please be assigned to this issue? Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Current thread:
- CVE Request: systemd stack-based buffer overflow in systemd-ask-password Marc Deslauriers (Apr 17)
- Re: CVE Request: systemd stack-based buffer overflow in systemd-ask-password Marc Deslauriers (Apr 17)