Debian Systemd vulnerabilities

CVE-2017-1000082 [CRITICAL] CVE-2017-1000082: systemd - systemd v233 and earlier fails to safely parse usernames starting with a numeric... systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. Scope: local bookworm: resolved (fixed in 234-1) bullseye: resolved (fixed in 234-1) forky: resolved (fixed in 234-1) sid: resolved (fixed in 234-1) trixie: resolved (fixed i

CVE-2016-10156 [HIGH] CVE-2016-10156: systemd - A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files ... A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. Scope: local bookworm: resolved (fixed in 229-1) bullseye: resolved (fixed in 229-1) forky: resolved (fixed in 229-1) sid: resolved (fixed in 229-1)

CVE-2016-7796 [MEDIUM] CVE-2016-7796: systemd - The manager_dispatch_notify_fd function in systemd allows local users to cause a... The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. Scope: local bookworm: resolved (fixed in 231-9) bullseye: resolved (fixed in 231-9) forky: resolved (fixed in 231-9

CVE-2016-7795 [MEDIUM] CVE-2016-7795: systemd - The manager_invoke_notify_message function in systemd 231 and earlier allows loc... The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. Scope: local bookworm: resolved (fixed in 231-9) bullseye: resolved (fixed in 231-9) forky: resolved (fixed in 231-9) sid: resolved (fixed in 231-9) trixie: r

CVE-2015-7510 [CRITICAL] CVE-2015-7510: systemd - Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS mo... Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. Scope: local bookworm: resolved (fixed in 229-1) bullseye: resolved (fixed in 229-1) forky: resolved (fixed in 229-1) sid: resolved (fixed in 229-1) trixie: resolved (fixed in 229-1)

CVE-2015-8842 [LOW] CVE-2015-8842: systemd - tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log... tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. Scope: local bookworm: resolved (fixed in 215-1) bullseye: resolved (fixed in 215-1) forky: resolved (fixed in 215-1) sid: resolved (fixed in 215-1) trixie: resolved (fixed in 215-1)

CVE-2014-9770 [LOW] CVE-2014-9770: systemd - tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal ... tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files. Scope: local bookworm: resolved (fixed in 215-1) bullseye: resolved (fixed in 215-1) forky: resolved (fixed in 215-1) sid: resolved (fixed in 215

CVE-2013-4327 [HIGH] CVE-2013-4327: systemd - systemd does not properly use D-Bus for communication with a polkit authority, w... systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. Scope: local bookworm: resolved (fixed in 204-5) bullseye: resolved (fixed in 204-

CVE-2013-4391 [HIGH] CVE-2013-4391: systemd - Integer overflow in the valid_user_field function in journal/journald-native.c i... Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 204-5) bullseye: resolved (fixed in 204-5) forky: resolved (fixe

CVE-2013-4394 [MEDIUM] CVE-2013-4394: systemd - The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is... The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." Scope: local bookworm: resolv

CVE-2013-4393 [LOW] CVE-2013-4393: systemd - journald in systemd, when the origin of native messages is set to file, allows l... journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. Scope: local bookworm: resolved (fixed in 204-5) bullseye: resolved (fixed in 204-5) forky: resolved (fixed in 204-5) sid: resolved (fixed in 204-5) trixie: resolved (fixed in 204-5)

CVE-2013-4392 [MEDIUM] CVE-2013-4392: systemd - systemd, when updating file permissions, allows local users to change the permis... systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2012-0871 [MEDIUM] CVE-2012-0871: systemd - The session_link_x11_socket function in login/logind-session.c in systemd-logind... The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. Scope: local bookworm: resolved (fixed in 43-1) bullseye: resolved (fixed in 43-1) forky: resolved (fixed in 43-1) sid: resolved (

CVE-2012-1101 [MEDIUM] CVE-2012-1101: systemd - systemd 37-1 does not properly handle non-existent services, which causes a deni... systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). Scope: local bookworm: resolved (fixed in 43-1) bullseye: resolved (fixed in 43-1) forky: resolved (fixed in 43-1) sid: resolved (fixed in 43-1) trixie: resolved (fixed in 43-1)

CVE-2012-1174 [LOW] CVE-2012-1174: systemd - The rm_rf_children function in util.c in the systemd-logind login manager in sys... The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session." Scope: local bookworm: resolved (fixed in 44-1) bullseye: resolved (fixed in 44-1) forky: resolved (fixed in 4