oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: systemd stack-based buffer overflow in systemd-ask-password

From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Thu, 17 Apr 2014 08:01:46 -0400
On 14-04-17 07:39 AM, Marc Deslauriers wrote:

Hello,

From the Red Hat bug:
A stack-based buffer overflow was found in systemd-ask-password, a utility used
to query a system password or passphrase from the user, using a question message
specified on the command line. A local user could this flaw to crash the binary
or even execute arbitrary code with the permissions of the user running the program.

Bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1084286

Fix:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189

Could a CVE please be assigned to this issue?


Actually, never mind that request...crashing your own prompt isn't a security issue.

Marc.
Previous By Date Next
Previous By Thread Next

Current thread: