CVE-2018-16864

Published: 11/01/2019 Updated: 20/07/2021
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 410
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An allocation of memory without limits, that could result in the stack clashing with another memory region, exists in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

Vulnerable Product

freedesktop systemd

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server 7.4

redhat enterprise linux server 7.5

redhat enterprise linux server 7.6

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.6

redhat enterprise linux server tus 7.3

redhat enterprise linux server tus 7.6

redhat enterprise linux workstation 7.0

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 18.10

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

oracle enterprise communications broker 3.1.0

oracle communications session border controller 8.1.0

oracle communications session border controller 8.2.0

oracle communications session border controller 8.0.0

oracle enterprise communications broker 3.0.0

Vendor Advisories

Synopsis: Moderate: redhat-virtualization-host security update. Type/Severity: Security Advisory: Moderate. Topic: An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impac ...
Synopsis: Important: systemd security update. Type/Severity: Security Advisory: Important. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Moderate: rhvm-appliance security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnera ...
Synopsis: Important: systemd security update. Type/Severity: Security Advisory: Important. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP S ...
Synopsis: Important: systemd security update. Type/Severity: Security Advisory: Important. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Low: systemd security update. Type/Severity: Security Advisory: Low. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a det ...
Synopsis: Important: systemd security update. Type/Severity: Security Advisory: Important. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Several security issues were fixed in systemd ...
Debian Bug report logs - #918841 systemd: CVE-2018-16864. Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 9 Jan 2019 21:39:02 UTC; Severity: grave; Tags: security, upstream ...
Debian Bug report logs - #918848 systemd: CVE-2018-16865. Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 9 Jan 2019 21:45:14 UTC; Severity: grave; Tags: security, upstream ...
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise L ...
A memory corruption vulnerability has been found in the journald component of systemd >= v230 and <= v240, in the set_iovec_field() function. Passing several megabytes of command-line arguments to a program that calls syslog() led to an attacker-controlled alloca(), which could be used to override the content of the memory, in the stack-clash ...
Arch Linux Security Advisory ASA-201901-9. Severity: High; Date: 2019-01-12; CVE-ID: CVE-2018-16864 CVE-2018-16865; Package: systemd; Type: arbitrary code execution; Remote: No; Link: security.archlinux.org/AVG-845. Summary: The package systemd before version 240.34-1 is vulnerabl ...
Multiple vulnerabilities were identified with the Systemd package that is included in all versions of the IBM MQ CloudPak ...
Large syslogd messages sent to journald can cause stack corruption, causing journald to crash. The version of systemd on Amazon Linux 2 is not vulnerable to privilege escalation in this case (CVE-2018-16864). Large native messages to journald can cause stack corruption, leading to possible local privilege escalation (CVE-2018-16865). Please note ...
PowerKVM is affected by vulnerabilities in systemd. IBM has now addressed these vulnerabilities ...
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges (CVE-2018-16864). It was discovered that systemd-network does ...
Oracle Linux Bulletin - Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bu ...
AT&T has released version 1801-v for the Vyatta 5600. Details of this release can be found at cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ...

Mailing Lists

Debian Security Advisory DSA-4367-1, security@debian.org, www.debian.org/security/, Salvatore Bonaccorso, January 13, 2019, www.debian.org/security/faq ...
Qualys Security Advisory: System Down: A systemd-journald exploit. Contents: Summary; CVE-2018-16864 - Analysis - Exploitation; CVE-2018-16865 - Analysis - Exploitation; CVE-2018-16866 - Analysis - Exploita ...
Qualys Security Advisory: CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1). Contents: Summary; Analysis; Proof of concept; Acknowledgments; Timeline ...

Github Repositories

Reference code from the Up and Running with Lacework and Packer blog and YouTube video

Up and Running with Lacework and Packer. This repo contains reference code from the blog post Up and Running with Lacework and Packer, and can be used to test the Lacework Host Vulnerability feature that scans a package manifest from a host. There are two Packer templates in the base directory that build Amazon Machine Images for Ubuntu 18.04 and Red Hat Enterprise Linux 8. Th

Reference code for the blog / video tutorial of Up and running with Lacework and Packer

Up and Running with Lacework and Packer. This repo contains reference code from the blog post Up and Running with Lacework and Packer, and can be used to test the Lacework Host Vulnerability feature that scans a package manifest from a host. There are two Packer templates in the base directory that build Amazon Machine Images for Ubuntu 18.04 and Red Hat Enterprise Linux 8. Th

Completion for lacework. This script is to be used with zsh and can be used with the Oh My Zsh framework to get lacework command completion. Oh My Zsh is a delightful, open source, community-driven framework for managing your Zsh configuration that you can get from ohmyz.sh/. You also need to have jq installed: github.com/stedolan/jq/wiki/Installation. Installation: To use

Recent Articles

The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild
The Register • Thomas Claburn in San Francisco • 31 Jan 2019

Capsule8 demos takeover technique to help sysadmins check for vulnerabilities

Those who haven't already patched a trio of recent vulnerabilities in the Linux world's SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes.
Don't panic, though: the exploit code has been defanged so that it is defeated by basic security measures, and thus shouldn't work in the wild against typical Linux installations. However, Capsule8 or others may reveal ways to bypass those protections, so consider this a heads-up, or an insight into...

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit
The Register • Thomas Claburn in San Francisco • 10 Jan 2019

Patches pending for distros to deal with threat of local privilege escalation to root

Security biz Qualys has revealed three vulnerabilities in a component of systemd, a system and service manager used in most major Linux distributions.
Patches for the three flaws – CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 – should appear in distro repos soon as a result of coordinated disclosure. However, Linux distributions such as Debian remain vulnerable at the moment, depending on the version you have installed.
"They're aware of the issues and they're releasing pat...

Linux systemd Affected by Memory Corruption Vulnerabilities, No Patches Yet
BleepingComputer • Ionut Ilascu • 10 Jan 2019

Security researchers have disclosed three vulnerabilities that affect a system service part of 'systemd,' a core component in Linux that manages system processes after the boot process.
The bugs exist in 'journald' service, tasked with collecting and storing log data, and they can be exploited to obtain root privileges on the target machine or to leak information. No patches exist at the moment.
Discovered by researchers at Qualys, the flaws are two memory corruption vulnerabilities ...