Log

ASA-202002-4 edited at 12 Feb 2020 21:44:44
CVE-2020-1712 edited at 12 Feb 2020 21:40:11
Description
- A heap use-after-free vulnerability was found in systemd before version 245, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
+ A heap use-after-free vulnerability was found in systemd before version 244.2, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
ASA-202002-8 edited at 12 Feb 2020 21:37:32
Impact
+ A local attacker is able to crash the system or execute arbitrary code by abusing polkit caching mechanisms.
CVE-2020-1712 edited at 12 Feb 2020 19:57:22
Remote
- Remote
+ Local
ASA-202002-8 created at 12 Feb 2020 19:56:29
AVG-1094 edited at 12 Feb 2020 19:56:14
Status
- Vulnerable
+ Fixed
Affected
- 244.2-1
+ 244.1-1
Fixed
+ 244.2-1
CVE-2020-1712 edited at 12 Feb 2020 19:55:43
References
https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
+ https://github.com/systemd/systemd-stable/commit/e2d4cb9843c50eff76e9104fec6b448c0d7c8814
ASA-202002-7 edited at 12 Feb 2020 16:52:49
Impact
+ A remote attacker can execute code on the affected host via maliciously crafted web content.
ASA-202002-7 created at 12 Feb 2020 16:52:24
ASA-202002-6 edited at 12 Feb 2020 16:52:14
Impact
+ A remote, unauthenticated user can cause a denial of service via a crafted message.