CVE-2013-4393
First published: Thu Sep 20 2012(Updated: )
A possibility for denial of loggin service was found in the way journald functionality of systemd, a system and service manager, processed native messages when file was chosen as their origin. A local attacker could use this flaw to provide a specially-crafted file descriptor, leading the journald file read process to block, resultingin portion of subsequent native messages intended to be logged to be ignored. Issue found by Florian Weimer, Red Hat Product Security Team
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Systemd Project Systemd | <194 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2013/10/01/9
- http://cgit.freedesktop.org/systemd/systemd/commit/src/journal/journald-native.c?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd
- http://cgit.freedesktop.org/systemd/systemd/commit/src/journal/journald-native.c?id=4871690d9e32608bbd9b18505b5326c2079c9690
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=859104#c5
- http://cgit.freedesktop.org/systemd/systemd/commit/src/journal/journald
- https://bugzilla.redhat.com/show_bug.cgi?id=859104
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357
- https://security.gentoo.org/glsa/201612-34
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/event
- agent/tags
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4393
- vendor/systemd project
- canonical/systemd project systemd