BusyBox 安全漏洞

BusyBox is a suite of applications containing several linux commands and tools by the individual developer Denis Vlasenko in Ukraine. A security vulnerability exists in BusyBox 1.3.7 and earlier versions, which stems from the acceptance of C0 control bytes such as raw CR and LF in the target of a...

systemd: reexec state injection: fgets() on overlong lines leads to line splitting

...

RHEL 7 : systemd (RHSA-2020:1264)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1264 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...

systemd: line splitting via fgets() allows for state injection during daemon-reexec

It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINEMAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state...

systemd: line splitting via fgets() allows for state injection during daemon-reexec

It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINEMAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state...

libgudev1, systemd security update

CentOS Errata and Security Advisory CESA-2019:2091 An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...