rpm package
opensuse/systemd&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/systemd&distro=openSUSE%20Tumbleweed
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-15686 | — | < 249.4-2.2 | 249.4-2.2 | Oct 26, 2018 | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versi | ||
| CVE-2018-6954 | — | < 249.4-2.2 | 249.4-2.2 | Feb 13, 2018 | systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory w | ||
| CVE-2017-18078 | — | < 249.4-2.2 | 249.4-2.2 | Jan 29, 2018 | systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for whi | ||
| CVE-2017-15908 | Hig | 7.5 | < 249.4-2.2 | 249.4-2.2 | Oct 26, 2017 | In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. | |
| CVE-2015-7510 | Cri | 9.8 | < 228-17.1 | 228-17.1 | Sep 25, 2017 | Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. | |
| CVE-2017-9445 | Hig | 7.5 | < 249.4-2.2 | 249.4-2.2 | Jun 28, 2017 | In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer th | |
| CVE-2016-10156 | Hig | 7.8 | < 249.4-2.2 | 249.4-2.2 | Jan 23, 2017 | A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | |
| CVE-2013-4288 | — | < 228-17.1 | 228-17.1 | Oct 3, 2013 | Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, | ||
| CVE-2012-1174 | — | < 228-17.1 | 228-17.1 | Jul 12, 2012 | The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session." |
- CVE-2018-15686Oct 26, 2018affected < 249.4-2.2fixed 249.4-2.2
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versi
- CVE-2018-6954Feb 13, 2018affected < 249.4-2.2fixed 249.4-2.2
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory w
- CVE-2017-18078Jan 29, 2018affected < 249.4-2.2fixed 249.4-2.2
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for whi
- affected < 249.4-2.2fixed 249.4-2.2
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
- affected < 228-17.1fixed 228-17.1
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
- affected < 249.4-2.2fixed 249.4-2.2
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer th
- affected < 249.4-2.2fixed 249.4-2.2
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
- CVE-2013-4288Oct 3, 2013affected < 228-17.1fixed 228-17.1
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API,
- CVE-2012-1174Jul 12, 2012affected < 228-17.1fixed 228-17.1
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
Page 2 of 2