CVE-2018-16888

Published: 14/01/2019 Updated: 07/11/2023
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 169
CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

It was discovered that systemd does not correctly check the content of PIDFile files before using them to kill processes. When a service is run as an unprivileged user (e.g. with the User field set in the service file), a local attacker who is able to write to the PIDFile of that service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

Vulnerable Product

systemd project systemd

redhat enterprise linux 7.0

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

canonical ubuntu linux 16.04

netapp element software -

netapp active iq performance analytics services -

Vendor Advisories

Synopsis: Moderate: systemd security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Several security issues were fixed in systemd ...

Github Repositories

Remediation task for CVE-2018-15686, CVE-2018-16866, and CVE-2018-16888 affecting SystemD in EL7

cesa_2019_2091

This module contains a Bolt Task that will remediate CVEs described in CESA-2019:2091 and parallel issues present on other Enterprise Linux 7 (EL7) platforms.