Debian Bug report logs - #662029
systemd: local denial of login or local users can create arbitrary services (CVE-2012-1101)
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Tollef Fog Heen <tfheen@debian.org>: Bug#662029; Package systemd. (Sat, 03 Mar 2012 18:12:05 GMT)
Acknowledgement sent to Helmut Grohne <helmut@subdivi.de>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Tollef Fog Heen <tfheen@debian.org>. (Sat, 03 Mar 2012 18:12:05 GMT)

Message #5 received at submit@bugs.debian.org:
Package: systemd
Version: 37-1
Severity: important
Tags: security
Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=680122

By invoking systemctl status somename.service any user can create an
entry in systemd's service list. If this list gets too large the login
procedure can fail. It is not tracked which user created the entries.

Thanks to Michael Biebl for helping me understand the issue. Lennart
Poettering later explained that the issue is already known and fixed in
git commit 9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3.

Helmut

Information forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>: Bug#662029; Package systemd. (Sun, 04 Mar 2012 08:12:03 GMT)
Acknowledgement sent to Henri Salo <henri@nerv.fi>: Extra info received and forwarded to list. Copy sent to Tollef Fog Heen <tfheen@debian.org>. (Sun, 04 Mar 2012 08:12:03 GMT)

Message #10 received at 662029@bugs.debian.org:
On Sat, Mar 03, 2012 at 06:39:57PM +0100, Helmut Grohne wrote:
> Package: systemd
> Version: 37-1
> Severity: important
> Tags: security
> Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=680122
>
> By invoking systemctl status somename.service any user can create an
> entry in systemd's service list. If this list gets too large the login
> procedure can fail. It is not tracked which user created the entries.
>
> Thanks to Michael Biebl for helping me understand the issue. Lennart
> Poettering later explained that the issue is already known and fixed in
> git commit 9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3.
>
> Helmut
Does this security issue have CVE-identifier assigned? I can request one if needed.
- Henri Salo

Information forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>: Bug#662029; Package systemd. (Sun, 04 Mar 2012 09:00:04 GMT)
Acknowledgement sent to Helmut Grohne <helmut@subdivi.de>: Extra info received and forwarded to list. Copy sent to Tollef Fog Heen <tfheen@debian.org>. (Sun, 04 Mar 2012 09:00:27 GMT)

Message #15 received at 662029@bugs.debian.org:
On Sun, Mar 04, 2012 at 10:08:47AM +0200, Henri Salo wrote:
> On Sat, Mar 03, 2012 at 06:39:57PM +0100, Helmut Grohne wrote:
> > Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=680122
> Does this security issue have CVE-identifier assigned? I can request one if needed.
I don't think so. As you can see in Redhat's bugzilla, the issue started
out as a simple bug. The security impact was realized later on.
Helmut

Information forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>: Bug#662029; Package systemd. (Sun, 04 Mar 2012 09:33:04 GMT)
Acknowledgement sent to Henri Salo <henri@nerv.fi>: Extra info received and forwarded to list. Copy sent to Tollef Fog Heen <tfheen@debian.org>. (Sun, 04 Mar 2012 09:33:15 GMT)

Message #20 received at 662029@bugs.debian.org:
On Sun, Mar 04, 2012 at 09:49:45AM +0100, Helmut Grohne wrote:
> On Sun, Mar 04, 2012 at 10:08:47AM +0200, Henri Salo wrote:
> > On Sat, Mar 03, 2012 at 06:39:57PM +0100, Helmut Grohne wrote:
> > > Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=680122
> > Does this security issue have CVE-identifier assigned? I can request one if needed.
>
> I don't think so. As you can see in Redhat's bugzilla, the issue started
> out as a simple bug. The security impact was realized later on.
>
> Helmut
Requested in here: http://seclists.org/oss-sec/2012/q1/537
- Henri Salo

Changed Bug title to 'systemd: local denial of login or local users can create arbitrary services (CVE-2012-1101)' from 'systemd: local denial of login or local users can create arbitrary services'. Request was from Henri Salo <henri@nerv.fi> to control@bugs.debian.org. (Wed, 07 Mar 2012 06:06:03 GMT)
Added tag(s) pending. Request was from Anibal Monsalve Salazar <anibal@debian.org> to control@bugs.debian.org. (Wed, 07 Mar 2012 19:09:04 GMT)
Reply sent to Tollef Fog Heen <tfheen@debian.org>: You have taken responsibility. (Thu, 08 Mar 2012 21:54:35 GMT)
Notification sent to Helmut Grohne <helmut@subdivi.de>: Bug acknowledged by developer. (Thu, 08 Mar 2012 21:54:36 GMT)

Message #29 received at 662029-close@bugs.debian.org:
Source: systemd
Source-Version: 43-1
We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive:
libpam-systemd_43-1_amd64.deb
to main/s/systemd/libpam-systemd_43-1_amd64.deb
libsystemd-daemon-dev_43-1_amd64.deb
to main/s/systemd/libsystemd-daemon-dev_43-1_amd64.deb
libsystemd-daemon0_43-1_amd64.deb
to main/s/systemd/libsystemd-daemon0_43-1_amd64.deb
libsystemd-id128-0_43-1_amd64.deb
to main/s/systemd/libsystemd-id128-0_43-1_amd64.deb
libsystemd-id128-dev_43-1_amd64.deb
to main/s/systemd/libsystemd-id128-dev_43-1_amd64.deb
libsystemd-journal-dev_43-1_amd64.deb
to main/s/systemd/libsystemd-journal-dev_43-1_amd64.deb
libsystemd-journal0_43-1_amd64.deb
to main/s/systemd/libsystemd-journal0_43-1_amd64.deb
libsystemd-login-dev_43-1_amd64.deb
to main/s/systemd/libsystemd-login-dev_43-1_amd64.deb
libsystemd-login0_43-1_amd64.deb
to main/s/systemd/libsystemd-login0_43-1_amd64.deb
systemd-gui_43-1_amd64.deb
to main/s/systemd/systemd-gui_43-1_amd64.deb
systemd-sysv_43-1_amd64.deb
to main/s/systemd/systemd-sysv_43-1_amd64.deb
systemd_43-1.debian.tar.gz
to main/s/systemd/systemd_43-1.debian.tar.gz
systemd_43-1.dsc
to main/s/systemd/systemd_43-1.dsc
systemd_43-1_amd64.deb
to main/s/systemd/systemd_43-1_amd64.deb
systemd_43.orig.tar.xz
to main/s/systemd/systemd_43.orig.tar.xz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 662029@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tollef Fog Heen <tfheen@debian.org> (supplier of updated systemd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 07 Feb 2012 21:36:34 +0100
Source: systemd
Binary: systemd systemd-sysv libpam-systemd systemd-gui libsystemd-login0 libsystemd-login-dev libsystemd-daemon0 libsystemd-daemon-dev libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 libsystemd-id128-dev
Architecture: source amd64
Version: 43-1
Distribution: experimental
Urgency: low
Maintainer: Tollef Fog Heen <tfheen@debian.org>
Changed-By: Tollef Fog Heen <tfheen@debian.org>
Description:
libpam-systemd - system and service manager - PAM module
libsystemd-daemon-dev - systemd utility library - development files
libsystemd-daemon0 - systemd utility library
libsystemd-id128-0 - systemd 128 bit ID utility library
libsystemd-id128-dev - systemd 128 bit ID utility library - development files
libsystemd-journal-dev - systemd journal utility library - development files
libsystemd-journal0 - systemd journal utility library
libsystemd-login-dev - systemd login utility library - development files
libsystemd-login0 - systemd login utility library
systemd - system and service manager
systemd-gui - system and service manager - GUI
systemd-sysv - system and service manager - SysV links
Closes: 642503 642749 643699 647495 650739 657284 657979 662029
Changes:
 systemd (43-1) experimental; urgency=low
 .
   [ Tollef Fog Heen ]
   * Target upload at experimental due to libkmod dependency
   * New upstream release
     - Update bash-completion for new verbs and arguments. Closes: #650739
     - Fixes local DoS (CVE-2012-1101). Closes: #662029
     - No longer complains if the kernel lacks audit support. Closes: #642503
   * Fix up git-to-source package conversion script which makes gitpkg
     happier.
   * Add libkmod-dev to build-depends
   * Add symlink from /bin/systemd to /lib/systemd/systemd.
   * Add --with-distro=debian to configure flags, due to no /etc/os-release
     yet.
   * Add new symbols for libsystemd-login0 to symbols file.
   * Install a tmpfiles.d file for the /dev/initctl → /run/initctl
     migration. Closes: #657979
   * Disable coredump handling, it's not ready yet.
   * If /run is a symlink, don't try to do the /var/run → /run migration.
     Ditto for /var/lock → /run/lock. Closes: #647495
 .
   [ Michael Biebl ]
   * Add Build-Depends on liblzma-dev for journal log compression.
   * Add Build-Depends on libgee-dev, required to build systemadm.
   * Bump Standards-Version to 3.9.2. No further changes.
   * Add versioned Build-Depends on automake and autoconf to ensure we have
     recent enough versions. Closes: #657284
   * Add packages for libsystemd-journal and libsystemd-id128.
   * Update symbols file for libsystemd-login.
   * Update configure flags, use rootprefix instead of rootdir.
   * Copy intltool files instead of symlinking them.
   * Re-indent init-functions script.
   * Remove workarounds for services using X-Interactive. The LSB X-Interactive
     support turned out to be broken and has been removed upstream so we no
     longer need any special handling for those type of services.
   * Install new systemd-journalctl, systemd-cat and systemd-cgtop binaries.
   * Install /var/lib/systemd directory.
   * Install /var/log/journal directory where the journal files are stored
     persistently.
   * Setup systemd-journald to not read from /proc/kmsg (ImportKernel=no).
   * Avoid error messages from systemctl in postinst if systemd is not running
     by checking for /sys/fs/cgroup/systemd before executing systemctl.
     Closes: #642749
   * Stop installing lib-init-rw (auto)mount units and try to cleanup
     /lib/init/rw in postinst. Bump dependency on initscripts accordingly.
     Closes: #643699
   * Disable pam_systemd for non-interactive sessions to work around an issue
     with sudo.
   * Use new dh_installdeb maintscript facility to handle obsolete conffiles.
     Bump Build-Depends on debhelper accordingly.
   * Rename bash completion file systemctl-bash-completion.sh →
     systemd-bash-completion.sh.
   * Update /sbin/init symlink. The systemd binary was moved to $pkglibdir.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 16 Jun 2012 07:38:15 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:16:23 2019; Machine Name: buxtehude