CVE-2023-7008 – Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
https://notcve.org/view.php?id=CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. Se encontró una vulnerabilidad en systemd-resolved. Este problema puede permitir que systemd-resolved acepte registros de dominios firmados por DNSSEC incluso cuando no tienen firma, lo que permite que los intermediarios (o el solucionador de DNS ascendente) manipulen los registros. • https://access.redhat.com/errata/RHSA-2024:2463 https://access.redhat.com/errata/RHSA-2024:3203 https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/25676 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject • CWE-300: Channel Accessible by Non-Endpoint •
CVE-2023-26604 – systemd: privilege escalation via the less pager
https://notcve.org/view.php?id=CVE-2023-26604
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some Sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. • https://github.com/Zenmovie/CVE-2023-26604 http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340 https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7 https://security.netapp.com/advisory/ntap-20230505-0009 https:& •
CVE-2022-4415 – systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting
https://notcve.org/view.php?id=CVE-2022-4415
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. • https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c https://www.openwall.com/lists/oss-security/2022/12/21/3 https://access.redhat.com/security/cve/CVE-2022-4415 https://bugzilla.redhat.com/show_bug.cgi?id=2155515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-45873 – systemd: deadlock in systemd-coredump via a crash with a long backtrace
https://notcve.org/view.php?id=CVE-2022-45873
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. systemd 250 y 251 permiten a los usuarios locales lograr un punto muerto en systemd-coredump al desencadenar un bloqueo que tiene un largo backtrace. Esto ocurre en parse_elf_object enshared/elf-util.c. • https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437 https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497 https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF https://access.redhat.com/security/cve/CVE-2022-45873 https://bugzilla.redhat.com/show_bug.cgi?id=2149063 • CWE-400: Uncontrolled Resource Consumption CWE-833: Deadlock •
CVE-2022-3821 – systemd: buffer overrun in format_timespan() function
https://notcve.org/view.php?id=CVE-2022-3821
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. Se descubrió un problema de error de uno en uno en Systemd en la función format_timespan() de time-util.c. Un atacante podría proporcionar valores específicos de tiempo y precisión que provoquen una saturación del búfer en format_timespan(), lo que provocará una Denegación de Servicio (DoS). An off-by-one error flaw was found in systemd in the format_timespan() function of time-util.c. • https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e https://github.com/systemd/systemd/issues/23928 https://github.com/systemd/systemd/pull/23933 https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P https://security.gentoo.org/glsa/202305-15 https://access.redhat.com/security/cve/CVE-2022- • CWE-193: Off-by-one Error •