CVE-2023-7008 – Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
https://notcve.org/view.php?id=CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. Se encontró una vulnerabilidad en systemd-resolved. Este problema puede permitir que systemd-resolved acepte registros de dominios firmados por DNSSEC incluso cuando no tienen firma, lo que permite que los intermediarios (o el solucionador de DNS ascendente) manipulen los registros. • https://access.redhat.com/errata/RHSA-2024:2463 https://access.redhat.com/errata/RHSA-2024:3203 https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/25676 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject • CWE-300: Channel Accessible by Non-Endpoint •
CVE-2023-31439
https://notcve.org/view.php?id=CVE-2023-31439
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." • https://github.com/kastel-security/Journald https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf https://github.com/systemd/systemd/pull/28885 https://github.com/systemd/systemd/releases • CWE-354: Improper Validation of Integrity Check Value •
CVE-2023-31438
https://notcve.org/view.php?id=CVE-2023-31438
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." • https://github.com/kastel-security/Journald https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf https://github.com/systemd/systemd/pull/28886 https://github.com/systemd/systemd/releases • CWE-354: Improper Validation of Integrity Check Value •
CVE-2023-31437
https://notcve.org/view.php?id=CVE-2023-31437
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." • https://github.com/kastel-security/Journald https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf https://github.com/systemd/systemd/releases • CWE-354: Improper Validation of Integrity Check Value •
CVE-2023-26604 – systemd: privilege escalation via the less pager
https://notcve.org/view.php?id=CVE-2023-26604
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some Sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. • https://github.com/Zenmovie/CVE-2023-26604 http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340 https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7 https://security.netapp.com/advisory/ntap-20230505-0009 https:& •