Systemd Project Systemd vulnerabilities

CVE-2016-7796 [MEDIUM] CWE-20 CVE-2016-7796: The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service ( The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

CVE-2016-7795 [MEDIUM] CWE-20 CVE-2016-7795: The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.

CVE-2012-0871 [MEDIUM] CWE-59 CVE-2012-0871: The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibl The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

CVE-2013-4391 [HIGH] CWE-190 CVE-2013-4391: Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows rem Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.

CVE-2013-4392 [MEDIUM] CWE-59 CVE-2013-4392: systemd, when updating file permissions, allows local users to change the permissions and SELinux se systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

CVE-2013-4394 [MEDIUM] CWE-276 CVE-2013-4394: The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

CVE-2013-4393 [LOW] CVE-2013-4393: journald in systemd, when the origin of native messages is set to file, allows local users to cause journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.

CVE-2013-4327 [MEDIUM] CVE-2013-4327: systemd does not properly use D-Bus for communication with a polkit authority, which allows local us systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.