CVE-2018-15686

Published: 26/10/2018 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in unit_deserialize of systemd allows a malicious user to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

Vulnerable Product

debian debian linux 8.0

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 16.04

systemd project systemd

oracle communications cloud native core network function cloud native environment 1.4.0

Vendor Advisories

Debian Bug report logs - #912005 systemd: CVE-2018-15686: reexec state injection: fgets() on overlong lines leads to line splitting Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Dat ...
Synopsis Moderate: systemd security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for systemd is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis Moderate: systemd security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Synopsis Moderate: systemd security update Type/Severity Security Advisory: Moderate Topic An update for systemd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Sol ...
Synopsis Moderate: systemd security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for systemd is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
USN-3816-1 caused a regression in systemd-tmpfiles ...
systemd-tmpfiles could be made to change ownership of arbitrary files ...
Several security issues were fixed in systemd ...
It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state (CVE-2018-15686). An out of bounds read was discovered in ...
It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state ...
A security issue has been found in systemd up to and including 239, where the use of fgets() allows an attacker to escalate privilege via a crafted service with NotifyAccess ...

Exploits

/* [I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports ] When systemd re-executes (e.g. during a package upgrade), state is serialized into a memfd before the execve(), then reloaded after the execve(). Seriali ...
Linux has an issue with systemd where overlong input to fgets() during reexec state injection can lead to line splitting ...

Github Repositories

Remediation task for CVE-2018-15686, CVE-2018-16866, and CVE-2018-16888 affecting SystemD in EL7

cesa_2019_2091 This module contains a Bolt Task that will remediate CVEs described in CESA-2019:2091 and parallel issues present on other Enterprise Linux 7 (EL7) platforms Table of Contents Description Setup - The basics of getting started with cesa_2019_2091 Beginning with cesa_2019_2091 Usage - Configuration options and additional functionality Limitations - OS compatib