PT-2018-2799 · Systemd+5

Jann Horn · Published 2018-10-26 · Updated 2024-06-15 · CVE-2018-15686

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: systemd versions up to and including 239
Description: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.
Recommendations: For systemd versions up to and including 239, update to a version higher than 239 to resolve the issue. As a temporary workaround, consider restricting NotifyAccess to minimize the risk of exploitation.

Exploit

Fix

Deserialization of Untrusted Data

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2019-1000
BDU:2019-01963
CESA-2019_2091
CVE-2018-15686
DLA-1580-1
OPENSUSE-SU-2018_3695-1
OPENSUSE-SU-2018_3803-1
OPENSUSE-SU-2024:11420-1
RHSA-2019:2091
RHSA-2019:3222
RHSA-2019_2091
RHSA-2020:0593
RHSA-2020:1264
SUSE-SU-2018:3644-1
SUSE-SU-2018:3767-1
SUSE-SU-2018:3767-2
SUSE-SU-2018_3644-1
SUSE-SU-2018_3767-1
SUSE-SU-2018_3767-2
SUSE-SU-2019:0053-1
SUSE-SU-2019:0054-1
SUSE-SU-2019:0054-2
SUSE-SU-2019_0053-1
SUSE-SU-2019_0054-1
SUSE-SU-2019_0054-2
USN-3816-1
USN-3816-3

Affected products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Systemd