CVE-2018-16866

Published: 11/01/2019 Updated: 13/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An out of bounds read exists in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Vulnerable Product

systemd project systemd

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

netapp active iq performance analytics services -

netapp element software

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux for scientific computing 7.0

redhat enterprise linux server 7.0

redhat enterprise linux for power little endian 7.0

redhat enterprise linux for power big endian 7.0

redhat enterprise linux server aus 7.4

redhat enterprise linux server tus 7.4

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux 7.6

redhat enterprise linux server update services for sap solutions 7.6

redhat enterprise linux server update services for sap solutions 7.4

redhat enterprise linux compute node eus 7.6

redhat enterprise linux server for power little endian update services for sap solutions 7.4

redhat enterprise linux server for power little endian update services for sap solutions 7.6

redhat enterprise linux for ibm z systems (structure a) 7_s390x

redhat enterprise linux for ibm z systems eus 7.6

redhat enterprise linux for power big endian eus 7.6

redhat enterprise linux for power little endian eus 7.6

Vendor Advisories

Several security issues were fixed in systemd ...
Synopsis: Moderate: systemd security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis: Moderate: systemd security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Synopsis: Moderate: systemd security update. Type/Severity: Security Advisory: Moderate. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Sol ...
Synopsis: Moderate: systemd security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Debian Bug report logs - #918848: systemd: CVE-2018-16865. Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Wed, 9 Jan 2019 21:45:14 UTC. Severity: grave. Tags: security, upstream ...
Debian Bug report logs - #918841: systemd: CVE-2018-16864. Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Wed, 9 Jan 2019 21:39:02 UTC. Severity: grave. Tags: security, upstream ...
Large syslogd messages sent to journald can cause stack corruption, causing journald to crash. The version of systemd on Amazon Linux 2 is not vulnerable to privilege escalation in this case (CVE-2018-16864). Large native messages to journald can cause stack corruption, leading to possible local privilege escalation (CVE-2018-16865). Please note, ...
It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state (CVE-2018-15686). An out of bounds read was discovered in ...
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data ...
An out-of-bounds read has been found in the journald component of systemd >= v221 and < v240, in the syslog_parse_identifier() function in journald-syslog.c. A crafted syslog message whose last character is ':' can trigger this vulnerability to leak information about the content of the memory ...

Mailing Lists

Full Disclosure mailing list archives. Subject: Re: System Down: A systemd-journald exploit. From: Qualys Securi ...
Full Disclosure mailing list archives. Subject: System Down: A systemd-journald exploit. From: Qualys Security A ...
oss-sec mailing list archives. Subject: Re: System Down: A systemd-journald exploit. From: Qualys Security Advis ...

Github Repositories

Remediation task for CVE-2018-15686, CVE-2018-16866, and CVE-2018-16888 affecting SystemD in EL7

cesa_2019_2091: This module contains a Bolt Task that will remediate CVEs described in CESA-2019:2091 and parallel issues present on other Enterprise Linux 7 (EL7) platforms.

Recent Articles

The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild
The Register • Thomas Claburn in San Francisco • 31 Jan 2019

Capsule8 demos takeover technique to help sysadmins check for vulnerabilities

Those who haven't already patched a trio of recent vulnerabilities in the Linux world's SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes. Don't panic, though: the exploit code has been defanged so that it is defeated by basic security measures, and thus shouldn't work in the wild against typical Linux installations. However, Capsule8 or others may reveal ways to bypass those protections, so consider this a heads-up, or an insight into explo...

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit
The Register • Thomas Claburn in San Francisco • 10 Jan 2019

Patches pending for distros to deal with threat of local privilege escalation to root

Security biz Qualys has revealed three vulnerabilities in a component of systemd, a system and service manager used in most major Linux distributions. Patches for the three flaws – CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 – should appear in distro repos soon as a result of coordinated disclosure. However, Linux distributions such as Debian remain vulnerable at the moment, depending on the version you have installed. "They're aware of the issues and they're releasing patches," said ...