An issue exists in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
systemd project systemd 239 |
||
opensuse leap 15.0 |
||
netapp active iq performance analytics services - |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
fedoraproject fedora 29 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux server tus 7.3 |
||
redhat enterprise linux server aus 7.3 |
||
redhat enterprise linux server aus 7.4 |
||
redhat enterprise linux server tus 7.4 |
||
redhat enterprise linux eus 7.4 |
||
redhat enterprise linux eus 7.5 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server aus 7.6 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux eus 8.1 |
||
redhat enterprise linux eus 8.2 |
||
redhat enterprise linux server tus 8.2 |
||
redhat enterprise linux server aus 8.2 |
||
redhat enterprise linux server tus 8.4 |
||
redhat enterprise linux eus 8.4 |
||
redhat enterprise linux server aus 8.4 |
||
redhat enterprise linux server update services for sap solutions 8.2 |
||
redhat enterprise linux server update services for sap solutions 8.1 |
||
redhat enterprise linux for power little endian eus 8.2 |
||
redhat enterprise linux for ibm z systems eus 8.2 |
||
redhat enterprise linux for ibm z systems eus 8.1 |
||
redhat enterprise linux for power little endian eus 8.1 |
||
redhat enterprise linux for power little endian 8.0 |
||
redhat enterprise linux for ibm z systems eus 8.4 |
||
redhat enterprise linux for power little endian eus 8.4 |
||
redhat enterprise linux server update services for sap solutions 7.4 |
||
redhat enterprise linux server update services for sap solutions 7.3 |
||
redhat enterprise linux compute node eus 7.5 |
||
redhat enterprise linux server for power little endian update services for sap solutions 7.4 |
||
redhat enterprise linux server update services for sap solutions 8.0 |
||
redhat enterprise linux for power little endian eus 7.4 |
||
redhat enterprise linux for ibm z systems eus 7.4 |
||
redhat enterprise linux for power little endian eus 7.5 |
||
redhat enterprise linux for power big endian eus 7.4 |
||
redhat enterprise linux for ibm z systems eus 7.5 |
||
redhat enterprise linux server for power little endian update services for sap solutions 8.0 |
||
redhat enterprise linux server for power little endian update services for sap solutions 8.1 |
||
redhat enterprise linux server for power little endian update services for sap solutions 8.2 |
||
redhat enterprise linux server for power little endian update services for sap solutions 7.3 |
||
mcafee web gateway |
Vulmon