Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2020-1712

Published: 31/03/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Systemd

Vulnerability Summary

It exists that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

systemd project systemd

redhat enterprise linux 8.0

redhat openshift container platform 4.0

redhat discovery -

redhat migration toolkit 1.0

redhat ceph storage 4.0

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: systemd: CVE-2020-1712
Debian Bug report logs - #950732 systemd: CVE-2020-1712 Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 5 Feb 2020 13:21:05 UTC Severity: grave Tags: security, upstream ...
Ubuntu Security Notice: systemd vulnerabilities
Several security issues were fixed in systemd ...
Red Hat: Important: systemd security update
Synopsis Important: systemd security update Type/Severity Security Advisory: Important Topic An update for systemd is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Moderate: Red Hat CodeReady Workspaces 2.1.0 release
Synopsis Moderate: Red Hat CodeReady Workspaces 210 release Type/Severity Security Advisory: Moderate Topic Red Hat CodeReady Workspaces 210 has been releasedRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Red Hat: Important: systemd security and bug fix update
Synopsis Important: systemd security and bug fix update Type/Severity Security Advisory: Important Topic An update for systemd is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ...
Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update
Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...
Amazon Linux 2: ALAS2-2020-1388
A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages (CVE-2020-1712) ...
Arch Linux Issues:
A heap use-after-free vulnerability was found in systemd before version 245, where asynchronous Polkit queries are performed while handling dbus messages A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/SamanthaYu/CacheChecker

CMPT 416 Project (Custom Clang Checker for systemd)

CacheChecker CacheChecker detects cache-based use-after-frees within systemd In this repo, we demonstrate how to create a custom Clang static analyzer checker Setup Before building Clang, make sure that you have plenty of space to build it (eg 60 GB) Clone the LLVM repository: githubcom/llvm/llvm-projectgit How to Build Clang There's two ways to build Clan

Recent Articles

Kaspersky cleans up poisoned watering hole, Google presses pause on cookie crackdown
The Register • Shaun Nichols in San Francisco • 06 Apr 2020

Plus: SystemD has a privilege escalation flaw that needs patching, and more bits and bytes

Roundup Kaspersky has detailed its takedown of a massive so-called watering-hole attack appearing to target certain folks in China, in the top story in The Reg's infosec roundup that looks at issues of the past week beyond our own detailed coverage. The security firm said the operation, designed to target "more than 10 websites related to religion, voluntary programs, charity and several other areas," used sites set up to deliver backdoors primarily crafted from open source tools and GitHub repo...

Read more...

References

CWE-416https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2https://www.openwall.com/lists/oss-security/2020/02/05/1https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abbhttps://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2dhttps://lists.debian.org/debian-lts-announce/2022/06/msg00025.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950732https://usn.ubuntu.com/4269-1/https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook