NA

CVE-2018-16865

Published: 11/01/2019 Updated: 23/01/2019

Vulnerability Summary

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.

Vulnerability Trend

Mitigation

Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access local systems.
Administrators are advised to allow only privileged users to access administration or management systems.
Administrators are advised to monitor critical systems.

Exploitation

To exploit this vulnerability, the attacker must have user-level access
to the targeted system. This access requirement may reduce the
likelihood of a successful exploit.

Mailing Lists

Recent Articles

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit
The Register • Thomas Claburn in San Francisco • 10 Jan 2019

Patches pending for distros to deal with threat of local privilege escalation to root

Security biz Qualys has revealed three vulnerabilities in a component of systemd, a system and service manager used in most major Linux distributions.
Patches for the three flaws – CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 – should appear in distro repos soon as a result of coordinated disclosure. However, Linux distributions such as Debian remain vulnerable at the moment, depending on the version you have installed.
"They're aware of the issues and they're releasing pat...

References