Debian Bug report logs - #725357
CVE-2013-4392: TOCTOU race condition when updating file permissions and SELinux security contexts

Package: systemd; Maintainer for systemd is Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>; Source for systemd is src:systemd.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 4 Oct 2013 13:51:01 UTC

Severity: normal

Tags: security

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>:
Bug#725357; Package systemd. (Fri, 04 Oct 2013 13:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>. (Fri, 04 Oct 2013 13:51:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: systemd: Multiple security issues
Date: Fri, 04 Oct 2013 15:41:54 +0200
Package: systemd
Severity: grave
Tags: security

Four security issues have been discovered in systemd by Florian Weimer:

CVE-2013-4394 [systemd: Improper sanitization of invalid XKB layouts descriptions]
https://bugzilla.redhat.com/show_bug.cgi?id=862324
http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680

CVE-2013-4393 [systemd: Possibility of denial of logging service by processing native messages from file]
https://bugzilla.redhat.com/show_bug.cgi?id=859104
http://cgit.freedesktop.org/systemd/systemd/commit/?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd

CVE-2013-4392 [systemd: TOCTOU race condition when updating file permissions and SELinux security contexts]
https://bugzilla.redhat.com/show_bug.cgi?id=859060
No upstream fix is available, but we don't support /etc/tmpfiles.d anyway

CVE-2013-4391 [systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages]
https://bugzilla.redhat.com/show_bug.cgi?id=859051
http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>:
Bug#725357; Package systemd. (Tue, 15 Oct 2013 18:39:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>. (Tue, 15 Oct 2013 18:39:07 GMT) Full text and rfc822 format available.

Message #10 received at 725357@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 725357@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#725357: systemd: Multiple security issues
Date: Tue, 15 Oct 2013 20:32:35 +0200
[Message part 1 (text/plain, inline)]
severity 725357 normal
retitle 725357 CVE-2013-4392: TOCTOU race condition when updating file permissions and SELinux security contexts
thanks

On Fri, Oct 04, 2013 at 03:41:54PM +0200, Moritz Muehlenhoff wrote:
> Package: systemd
> Severity: grave
> Tags: security
> 
> Four security issues have been discovered in systemd by Florian Weimer:
> 
> CVE-2013-4394 [systemd: Improper sanitization of invalid XKB layouts descriptions]
> https://bugzilla.redhat.com/show_bug.cgi?id=862324
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680
 
Fixed in 204-5 and 44-11+deb7u4

> CVE-2013-4393 [systemd: Possibility of denial of logging service by processing native messages from file]
> https://bugzilla.redhat.com/show_bug.cgi?id=859104
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd

Fixed in 204-5 and 44-11+deb7u4
 
> CVE-2013-4392 [systemd: TOCTOU race condition when updating file permissions and SELinux security contexts]
> https://bugzilla.redhat.com/show_bug.cgi?id=859060
> No upstream fix is available, but we don't support /etc/tmpfiles.d anyway

We do use the tmpfiles mechanism in systemd, but the combination of both
selinux and systemd is very unlikely.

> CVE-2013-4391 [systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages]
> https://bugzilla.redhat.com/show_bug.cgi?id=859051
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e

Fixed in 204-5 and 44-11+deb7u4

Seeing that all issues aside CVE-2013-4392 are already fixed in sid and
the likelyhood to hit CVE-2013-4392 is very minimal, I'm downgrading the
severity to normal and retitle the bug accordingly.

Michael

[signature.asc (application/pgp-signature, inline)]

Severity set to 'normal' from 'grave' Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Tue, 15 Oct 2013 18:39:10 GMT) Full text and rfc822 format available.

Changed Bug title to 'CVE-2013-4392: TOCTOU race condition when updating file permissions and SELinux security contexts' from 'systemd: Multiple security issues' Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Tue, 15 Oct 2013 18:39:11 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 13:04:58 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.