Page 6 of 35 results (0.016 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. Un fallo en systemd v228 en /src/basic/fs-util.c causó que los archivos suid de escritura universal se crearan cuando se usan las características de los temporizadores systemd, permitiendo a atacantes locales escalar sus privilegios a root. Esto se soluciona en v229. • https://www.exploit-db.com/exploits/41171 http://www.securityfocus.com/bid/95790 http://www.securitytracker.com/id/1037686 https://bugzilla.suse.com/show_bug.cgi?id=1020601 https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2

The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. La función manager_invoke_notify_message en systemd 231 y versiones anteriores permite a usuarios locales provocar una denegación de servicio (fallo de afirmación y colgado de PID 1) a través de un mensaje de longitud cero recibido sobre una notificación de encaje. A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd. • http://rhn.redhat.com/errata/RHSA-2016-2610.html http://rhn.redhat.com/errata/RHSA-2016-2694.html http://www.openwall.com/lists/oss-security/2016/09/28/9 http://www.openwall.com/lists/oss-security/2016/09/30/1 http://www.securityfocus.com/bid/93223 http://www.securitytracker.com/id/1037320 http://www.ubuntu.com/usn/USN-3094-1 https://github.com/systemd/systemd/issues/4234 https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet https:/ • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 2

The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. La función manager_dispatch_notify_fd en systemd permite a usuarios locales provocar una denegación de servicio (colgado de sistema) a través de un mensaje de longitud cero recibido sobre una notificación de encaje, lo que provoca que se devuelva un error y que el controlador de notificación se desactive. A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd. • http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2017-0003.html http://www.openwall.com/lists/oss-security/2016/09/30/1 http://www.securityfocus.com/bid/93250 http://www.securitytracker.com/id/1037320 https://bugzilla.redhat.com/show_bug.cgi?id=1381911 https://github.com/systemd/systemd/issues/4234#issuecomment-250441246 https://rhn.redhat.com/e • CWE-20: Improper Input Validation CWE-253: Incorrect Check of Function Return Value •

CVSS: 6.3EPSS: 0%CPEs: 38EXPL: 0

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. La función session_link_x11_socket en login/logind-session.c en systemd-logind en systemd, posiblemente 37 y anteriores, permite a usuarios locales crear o sobrescribir archivos arbitrarios a través de un ataque symlink sobre el directorio de usuario X11 en /run/user/. • http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html http://www.osvdb.org/79768 https://bugzilla.novell.com/show_bug.cgi?id=747154 https://bugzilla.redhat.com/show_bug.cgi?id=795853 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. journald en systemd, cuando el origen de mensajes nativos se establece en un archivo, permite a usuarios locales ocasionar una denegación de servicio (servicio de registro de bloqueo) a través de un descriptor de archivo diseñado. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 http://www.openwall.com/lists/oss-security/2013/10/01/9 https://bugzilla.redhat.com/show_bug.cgi?id=859104 https://security.gentoo.org/glsa/201612-34 •