Bug 406655 (CVE-2012-0871)

Summary:	=sys-apps/systemd-{37,38}-r*: X11 Session File Creation Weakness (CVE-2012-0871)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	systemd
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://secunia.com/advisories/48208/
Whiteboard:	~1 [noglsa]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2012-03-02 20:20:32 UTC

From secunia security advisory at $URL:

Description:
The weakness is caused due to the systemd-logind component insecurely creating a X11 session file (/run/user/<username>/X11/display) and can be exploited to create a symlink inside arbitrary directories.

The weakness is reported in versions prior to 39.


Solution
Update to version 39 or later.

Comment 1 Michał Górny archtester

2012-03-04 13:55:16 UTC

I see two solutions here. Either:
a) mask older systemd versions (=> all systemd versions in tree will be hard-masked for one reason or other),
b) backport a patch.

Could you point to a specific commit in systemd git?

Comment 2 Sean Amoss (RETIRED) gentoo-dev

2012-03-04 14:08:01 UTC

From Novell's bug tracker (https://bugzilla.novell.com/show_bug.cgi?id=747154):

http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c

Comment 3 Agostino Sarubbo gentoo-dev

2012-03-04 14:27:17 UTC

(In reply to comment #1)
> Could you point to a specific commit in systemd git?

Btw, this issue is fixed in systemd-39.

I guess you can backport it in our ~arch version.

Comment 4 Michał Górny archtester

2012-03-04 19:39:39 UTC

Ah, it's in logind. I guess that would make only our -37 & -38 vulnerable.

Will it be enough to drop the offending versions?

Comment 5 Michał Górny archtester

2012-03-05 08:50:34 UTC

And removed.

Comment 6 Tim Sammut (RETIRED) gentoo-dev

2012-03-05 15:54:27 UTC

Great, thank you. Closing noglsa.