CVE-2018-15686
7
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| systemd | systemd | unspecified <= 239 | affected |
Weaknesses
- fgets() can be confused by overly-long input strings. The first read will return a partial string and subsequent reads will begin as if it were a new line.
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201810-10
- https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
- http://www.securityfocus.com/bid/105747
- https://www.exploit-db.com/exploits/45714/
- https://usn.ubuntu.com/3816-1/
- https://access.redhat.com/errata/RHSA-2019:2091
- https://access.redhat.com/errata/RHSA-2019:3222
- https://access.redhat.com/errata/RHSA-2020:0593
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://github.com/systemd/systemd/pull/10519
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://security.gentoo.org/glsa/201810-10
- https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
- http://www.securityfocus.com/bid/105747
- https://www.exploit-db.com/exploits/45714/
- https://usn.ubuntu.com/3816-1/
- https://access.redhat.com/errata/RHSA-2019:2091
- https://access.redhat.com/errata/RHSA-2019:3222
- https://access.redhat.com/errata/RHSA-2020:0593
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://github.com/systemd/systemd/pull/10519
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.