CVE-2018-16866

Published: 11/01/2019 Updated: 13/05/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An out of bounds read exists in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Affected Products

Vendor | Product | Versions
Freedesktop | Systemd | 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239
Netapp | Active Iq Performance Analytics Services | -
Netapp | Element Software | *
Canonical | Ubuntu Linux | 16.04, 18.04, 18.10
Debian | Debian Linux | 9.0

Vendor Advisories

Several security issues were fixed in systemd ...
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data ...
An out-of-bounds read has been found in the journald component of systemd >= v221 and < v240, in the syslog_parse_identifier() function in journald-syslog.c. A crafted syslog message whose last character is ':' can trigger this vulnerability to leak information about the content of the memory ...
Arch Linux Security Advisory ASA-201901-4. Severity: Medium. Date: 2019-01-08. CVE-ID: CVE-2018-6954 CVE-2018-16866. Package: systemd. Type: multiple issues. Remote: No. Link: security.archlinux.org/AVG-615. Summary: The package systemd before version 240.0-3 is vulnerable to mult ...
Multiple vulnerabilities were identified with the Systemd package that is included in all versions of the IBM MQ CloudPak ...
Large syslogd messages sent to journald can cause stack corruption, causing journald to crash. The version of systemd on Amazon Linux 2 is not vulnerable to privilege escalation in this case (CVE-2018-16864). Large native messages to journald can cause stack corruption, leading to possible local privilege escalation (CVE-2018-16865). Please note ...
AT&T has released version 1801-v for the Vyatta 5600. Details of this release can be found at cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ...

Mailing Lists

Hi all, Our systemd-journald exploit for CVE-2018-16865 and CVE-2018-16866 is now available at: www.qualys.com/2019/05/09/system-down/system-down.tar.gz. It is also attached to this email. A few notes about this exploit: - It supports several targets by default (vulnerable versions of Debian, Ubuntu, Fedora, CentOS), and it should be r ...
Qualys Security Advisory. System Down: A systemd-journald exploit. Contents: Summary; CVE-2018-16864 - Analysis - Exploitation; CVE-2018-16865 - Analysis - Exploitation; CVE-2018-16866 - Analysis - Exploita ...
Debian Security Advisory DSA-4367-1, security@debian.org, www.debian.org/security/, Salvatore Bonaccorso, January 13, 2019, www.debian.org/security/faq ...

Recent Articles

The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild
The Register • Thomas Claburn in San Francisco • 31 Jan 2019

Capsule8 demos takeover technique to help sysadmins check for vulnerabilities

Those who haven't already patched a trio of recent vulnerabilities in the Linux world's SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes.
Don't panic, though: the exploit code has been defanged so that it is defeated by basic security measures, and thus shouldn't work in the wild against typical Linux installations. However, Capsule8 or others may reveal ways to bypass those protections, so consider this a heads-up, or an insight into...

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit
The Register • Thomas Claburn in San Francisco • 10 Jan 2019

Patches pending for distros to deal with threat of local privilege escalation to root

Security biz Qualys has revealed three vulnerabilities in a component of systemd, a system and service manager used in most major Linux distributions.
Patches for the three flaws – CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 – should appear in distro repos soon as a result of coordinated disclosure. However, Linux distributions such as Debian remain vulnerable at the moment, depending on the version you have installed.
"They're aware of the issues and they're releasing pat...