Systemd Project: >> Systemd >> 15 Security Vulnerabilities
Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.037
Published
2013-10-28
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
CVSS Score
3.3
EPSS Score
0.001
Published
2013-10-28
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.
CVSS Score
2.1
EPSS Score
0.002
Published
2013-10-28
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
CVSS Score
5.9
EPSS Score
0.001
Published
2013-10-28
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVSS Score
6.9
EPSS Score
0.0
Published
2013-10-03
Page 3