Vulnerabilites related to systemd_project - systemd
cve-2018-16866
Vulnerability from cvelistv5
Published
2019-01-11 19:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The systemd Project | systemd |
Version: from v221 to v239 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:32:54.043Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-4367", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", }, { name: "USN-3855-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3855-1/", }, { name: "106527", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106527", }, { name: "GLSA-201903-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-07", }, { name: "[oss-security] 20190510 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/05/10/4", }, { name: "20190513 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/25", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", }, { name: "20190513 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/21", }, { name: "RHSA-2019:2091", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { name: "RHSA-2019:3222", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3222", }, { name: "RHSA-2020:0593", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "The systemd Project", versions: [ { status: "affected", version: "from v221 to v239", }, ], }, ], datePublic: "2019-01-09T00:00:00", descriptions: [ { lang: "en", value: "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-25T14:06:20", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-4367", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", }, { name: "USN-3855-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3855-1/", }, { name: "106527", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106527", }, { name: "GLSA-201903-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201903-07", }, { name: "[oss-security] 20190510 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/05/10/4", }, { name: "20190513 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/25", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", }, { name: "20190513 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/21", }, { name: "RHSA-2019:2091", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { name: "RHSA-2019:3222", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3222", }, { name: "RHSA-2020:0593", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0593", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-16866", datePublished: "2019-01-11T19:00:00", dateReserved: "2018-09-11T00:00:00", dateUpdated: "2024-08-05T10:32:54.043Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1712
Vulnerability from cvelistv5
Published
2020-03-31 16:44
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712 | x_refsource_CONFIRM | |
https://www.openwall.com/lists/oss-security/2020/02/05/1 | x_refsource_CONFIRM | |
https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2 | x_refsource_CONFIRM | |
https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 | x_refsource_CONFIRM | |
https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb | x_refsource_CONFIRM | |
https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:46:30.849Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2020/02/05/1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", }, { name: "[debian-lts-announce] 20220630 [SECURITY] [DLA 3063-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "[UNKNOWN]", versions: [ { status: "affected", version: "before v245-rc1", }, ], }, ], descriptions: [ { lang: "en", value: "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-30T16:06:19", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openwall.com/lists/oss-security/2020/02/05/1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", }, { name: "[debian-lts-announce] 20220630 [SECURITY] [DLA 3063-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-1712", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "systemd", version: { version_data: [ { version_value: "before v245-rc1", }, ], }, }, ], }, vendor_name: "[UNKNOWN]", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", }, ], }, impact: { cvss: [ [ { vectorString: "7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-416", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712", }, { name: "https://www.openwall.com/lists/oss-security/2020/02/05/1", refsource: "CONFIRM", url: "https://www.openwall.com/lists/oss-security/2020/02/05/1", }, { name: "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2", }, { name: "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54", }, { name: "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", }, { name: "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", }, { name: "[debian-lts-announce] 20220630 [SECURITY] [DLA 3063-1] systemd security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-1712", datePublished: "2020-03-31T16:44:29", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-04T06:46:30.849Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-7795
Vulnerability from cvelistv5
Published
2016-10-13 14:00
Modified
2024-08-06 02:04
Severity ?
EPSS score ?
Summary
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/09/30/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2016/09/28/9 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/93223 | vdb-entry, x_refsource_BID | |
http://rhn.redhat.com/errata/RHSA-2016-2610.html | vendor-advisory, x_refsource_REDHAT | |
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet | x_refsource_MISC | |
http://www.ubuntu.com/usn/USN-3094-1 | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/systemd/systemd/issues/4234 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037320 | vdb-entry, x_refsource_SECTRACK | |
http://rhn.redhat.com/errata/RHSA-2016-2694.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:04:56.076Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { name: "[oss-security] 20160928 CVE Request: systemd v209+: local denial-of-service attack", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/09/28/9", }, { name: "93223", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93223", }, { name: "RHSA-2016:2610", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2610.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, { name: "USN-3094-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3094-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/issues/4234", }, { name: "1037320", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037320", }, { name: "RHSA-2016:2694", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2694.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-28T00:00:00", descriptions: [ { lang: "en", value: "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-27T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { name: "[oss-security] 20160928 CVE Request: systemd v209+: local denial-of-service attack", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/09/28/9", }, { name: "93223", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93223", }, { name: "RHSA-2016:2610", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2610.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, { name: "USN-3094-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3094-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/issues/4234", }, { name: "1037320", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037320", }, { name: "RHSA-2016:2694", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2694.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-7795", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { name: "[oss-security] 20160928 CVE Request: systemd v209+: local denial-of-service attack", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/09/28/9", }, { name: "93223", refsource: "BID", url: "http://www.securityfocus.com/bid/93223", }, { name: "RHSA-2016:2610", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2610.html", }, { name: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", refsource: "MISC", url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, { name: "USN-3094-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3094-1", }, { name: "https://github.com/systemd/systemd/issues/4234", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/issues/4234", }, { name: "1037320", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037320", }, { name: "RHSA-2016:2694", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2694.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-7795", datePublished: "2016-10-13T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T02:04:56.076Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20839
Vulnerability from cvelistv5
Published
2019-05-17 03:39
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
References
▼ | URL | Tags |
---|---|---|
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993 | x_refsource_MISC | |
https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f | x_refsource_MISC | |
https://github.com/systemd/systemd/pull/12378 | x_refsource_MISC | |
http://www.securityfocus.com/bid/108389 | vdb-entry, x_refsource_BID | |
https://security.netapp.com/advisory/ntap-20190530-0002/ | x_refsource_CONFIRM | |
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:12:29.348Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/pull/12378", }, { name: "108389", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108389", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190530-0002/", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-25T16:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/pull/12378", }, { name: "108389", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108389", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190530-0002/", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20839", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", refsource: "MISC", url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", }, { name: "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", refsource: "MISC", url: "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", }, { name: "https://github.com/systemd/systemd/pull/12378", refsource: "MISC", url: "https://github.com/systemd/systemd/pull/12378", }, { name: "108389", refsource: "BID", url: "http://www.securityfocus.com/bid/108389", }, { name: "https://security.netapp.com/advisory/ntap-20190530-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190530-0002/", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20839", datePublished: "2019-05-17T03:39:01", dateReserved: "2019-05-16T00:00:00", dateUpdated: "2024-08-05T12:12:29.348Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-9445
Vulnerability from cvelistv5
Published
2017-06-28 06:00
Modified
2024-08-05 17:11
Severity ?
EPSS score ?
Summary
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
References
▼ | URL | Tags |
---|---|---|
https://launchpad.net/bugs/1695546 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038806 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/99302 | vdb-entry, x_refsource_BID | |
http://openwall.com/lists/oss-security/2017/06/27/8 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:11:01.693Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://launchpad.net/bugs/1695546", }, { name: "1038806", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038806", }, { name: "99302", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99302", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2017/06/27/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-06-28T00:00:00", descriptions: [ { lang: "en", value: "In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-06T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://launchpad.net/bugs/1695546", }, { name: "1038806", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038806", }, { name: "99302", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99302", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://openwall.com/lists/oss-security/2017/06/27/8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-9445", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://launchpad.net/bugs/1695546", refsource: "CONFIRM", url: "https://launchpad.net/bugs/1695546", }, { name: "1038806", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038806", }, { name: "99302", refsource: "BID", url: "http://www.securityfocus.com/bid/99302", }, { name: "http://openwall.com/lists/oss-security/2017/06/27/8", refsource: "CONFIRM", url: "http://openwall.com/lists/oss-security/2017/06/27/8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-9445", datePublished: "2017-06-28T06:00:00", dateReserved: "2017-06-05T00:00:00", dateUpdated: "2024-08-05T17:11:01.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4391
Vulnerability from cvelistv5
Published
2013-10-28 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=859051 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201612-34 | vendor-advisory, x_refsource_GENTOO | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 | x_refsource_CONFIRM | |
http://www.debian.org/security/2013/dsa-2777 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2013/10/01/9 | mailing-list, x_refsource_MLIST | |
http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:45:13.852Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859051", }, { name: "GLSA-201612-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-34", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { name: "DSA-2777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { name: "[oss-security] 20131001 Re: [CVE request] systemd", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-19T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-30T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859051", }, { name: "GLSA-201612-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201612-34", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { name: "DSA-2777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { name: "[oss-security] 20131001 Re: [CVE request] systemd", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4391", datePublished: "2013-10-28T22:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:45:13.852Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31438
Vulnerability from cvelistv5
Published
2023-06-13 00:00
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:30.747Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/releases", }, { tags: [ "x_transferred", ], url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/kastel-security/Journald", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/pull/28886", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-21T14:35:14.869069", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/systemd/systemd/releases", }, { url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { url: "https://github.com/kastel-security/Journald", }, { url: "https://github.com/systemd/systemd/pull/28886", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-31438", datePublished: "2023-06-13T00:00:00", dateReserved: "2023-04-28T00:00:00", dateUpdated: "2024-08-02T14:53:30.747Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15687
Vulnerability from cvelistv5
Published
2018-10-26 14:00
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201810-10 | vendor-advisory, x_refsource_GENTOO | |
https://github.com/systemd/systemd/pull/10517/commits | x_refsource_MISC | |
http://www.securityfocus.com/bid/105748 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3816-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.exploit-db.com/exploits/45715/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:01:54.407Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201810-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201810-10", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/pull/10517/commits", }, { name: "105748", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105748", }, { name: "USN-3816-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3816-1/", }, { name: "45715", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45715/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "systemd", versions: [ { lessThanOrEqual: "239", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Jann Horn", }, ], datePublic: "2018-10-25T00:00:00", descriptions: [ { lang: "en", value: "A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "There is a race condition between a stat(2) call and the fchmodat(2) call.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-13T10:57:01", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "GLSA-201810-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201810-10", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/pull/10517/commits", }, { name: "105748", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105748", }, { name: "USN-3816-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3816-1/", }, { name: "45715", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/45715/", }, ], source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796692", ], discovery: "EXTERNAL", }, title: "systemd: chown_one() can dereference symlinks", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", DATE_PUBLIC: "2018-10-25T00:00:00.000Z", ID: "CVE-2018-15687", STATE: "PUBLIC", TITLE: "systemd: chown_one() can dereference symlinks", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "systemd", version: { version_data: [ { affected: "<=", version_affected: "<=", version_value: "239", }, ], }, }, ], }, vendor_name: "systemd", }, ], }, }, credit: [ { lang: "eng", value: "Jann Horn", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "There is a race condition between a stat(2) call and the fchmodat(2) call.", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201810-10", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201810-10", }, { name: "https://github.com/systemd/systemd/pull/10517/commits", refsource: "MISC", url: "https://github.com/systemd/systemd/pull/10517/commits", }, { name: "105748", refsource: "BID", url: "http://www.securityfocus.com/bid/105748", }, { name: "USN-3816-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3816-1/", }, { name: "45715", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/45715/", }, ], }, source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796692", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2018-15687", datePublished: "2018-10-26T14:00:00Z", dateReserved: "2018-08-22T00:00:00", dateUpdated: "2024-09-16T22:03:00.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13529
Vulnerability from cvelistv5
Published
2021-05-10 15:08
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
References
▼ | URL | Tags |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202107-48 | vendor-advisory, x_refsource_GENTOO | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/ | vendor-advisory, x_refsource_FEDORA | |
http://www.openwall.com/lists/oss-security/2021/08/04/2 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2021/08/17/3 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2021/09/07/3 | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210625-0005/ | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:18:18.443Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142", }, { name: "GLSA-202107-48", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-48", }, { name: "FEDORA-2021-166e461c8d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { name: "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { name: "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { name: "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210625-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Systemd", vendor: "n/a", versions: [ { status: "affected", version: "Canonical Ubuntu 20.04 LTS, Systemd 245", }, ], }, ], descriptions: [ { lang: "en", value: "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-290", description: "CWE-290: Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T15:13:43", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142", }, { name: "GLSA-202107-48", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-48", }, { name: "FEDORA-2021-166e461c8d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { name: "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { name: "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { name: "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210625-0005/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "talos-cna@cisco.com", ID: "CVE-2020-13529", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Systemd", version: { version_data: [ { version_value: "Canonical Ubuntu 20.04 LTS, Systemd 245", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", }, ], }, impact: { cvss: { baseScore: 6.1, baseSeverity: "Medium", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-290: Authentication Bypass by Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142", refsource: "MISC", url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142", }, { name: "GLSA-202107-48", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-48", }, { name: "FEDORA-2021-166e461c8d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { name: "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { name: "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { name: "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { name: "https://security.netapp.com/advisory/ntap-20210625-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210625-0005/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2020-13529", datePublished: "2021-05-10T15:08:34", dateReserved: "2020-05-26T00:00:00", dateUpdated: "2024-08-04T12:18:18.443Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31437
Vulnerability from cvelistv5
Published
2023-06-13 00:00
Modified
2025-01-03 19:31
Severity ?
EPSS score ?
Summary
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:30.719Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/releases", }, { tags: [ "x_transferred", ], url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/kastel-security/Journald", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-31437", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T19:31:49.189625Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-354", description: "CWE-354 Improper Validation of Integrity Check Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-03T19:31:56.969Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-14T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/systemd/systemd/releases", }, { url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { url: "https://github.com/kastel-security/Journald", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-31437", datePublished: "2023-06-13T00:00:00", dateReserved: "2023-04-28T00:00:00", dateUpdated: "2025-01-03T19:31:56.969Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3821
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:20:58.329Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/issues/23928", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/pull/23933", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", }, { name: "FEDORA-2022-8ac4104a02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", }, { name: "GLSA-202305-15", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-15", }, { name: "[debian-lts-announce] 20230629 [SECURITY] [DLA 3474-1] systemd security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in systemd v252-rc1", }, ], }, ], descriptions: [ { lang: "en", value: "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-193", description: "CWE-193 - Off-by-one Error", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-29T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", }, { url: "https://github.com/systemd/systemd/issues/23928", }, { url: "https://github.com/systemd/systemd/pull/23933", }, { url: "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", }, { name: "FEDORA-2022-8ac4104a02", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", }, { name: "GLSA-202305-15", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-15", }, { name: "[debian-lts-announce] 20230629 [SECURITY] [DLA 3474-1] systemd security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-3821", datePublished: "2022-11-08T00:00:00", dateReserved: "2022-11-02T00:00:00", dateUpdated: "2024-08-03T01:20:58.329Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16888
Vulnerability from cvelistv5
Published
2019-01-14 22:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
References
▼ | URL | Tags |
---|---|---|
https://security.netapp.com/advisory/ntap-20190307-0007/ | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2019:2091 | vendor-advisory, x_refsource_REDHAT | |
https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4269-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The systemd Project | systemd |
Version: v237 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:39:58.066Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190307-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", }, { name: "RHSA-2019:2091", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { name: "[cassandra-user] 20190809 cassandra does not start with new systemd version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E", }, { name: "USN-4269-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4269-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "The systemd Project", versions: [ { status: "affected", version: "v237", }, ], }, ], datePublic: "2017-08-17T00:00:00", descriptions: [ { lang: "en", value: "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "CWE-250", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-14T01:06:08", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190307-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", }, { name: "RHSA-2019:2091", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { name: "[cassandra-user] 20190809 cassandra does not start with new systemd version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E", }, { name: "USN-4269-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4269-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2018-16888", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "systemd", version: { version_data: [ { version_value: "v237", }, ], }, }, ], }, vendor_name: "The systemd Project", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", }, ], }, impact: { cvss: [ [ { vectorString: "4.4/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-250", }, ], }, ], }, references: { reference_data: [ { name: "https://security.netapp.com/advisory/ntap-20190307-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190307-0007/", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", }, { name: "RHSA-2019:2091", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { name: "[cassandra-user] 20190809 cassandra does not start with new systemd version", refsource: "MLIST", url: "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", }, { name: "USN-4269-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4269-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-16888", datePublished: "2019-01-14T22:00:00", dateReserved: "2018-09-11T00:00:00", dateUpdated: "2024-08-05T10:39:58.066Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4327
Vulnerability from cvelistv5
Published
2013-10-03 21:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
References
▼ | URL | Tags |
---|---|---|
http://www.ubuntu.com/usn/USN-1961-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.openwall.com/lists/oss-security/2013/09/18/6 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2013/dsa-2777 | vendor-advisory, x_refsource_DEBIAN | |
https://bugzilla.redhat.com/show_bug.cgi?id=1006680 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-1961-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1961-1", }, { name: "[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/09/18/6", }, { name: "DSA-2777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1006680", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-18T00:00:00", descriptions: [ { lang: "en", value: "systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-12-27T00:57:03", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-1961-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1961-1", }, { name: "[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/09/18/6", }, { name: "DSA-2777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1006680", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4327", datePublished: "2013-10-03T21:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:38:01.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15688
Vulnerability from cvelistv5
Published
2018-10-26 14:00
Modified
2024-09-17 01:20
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201810-10 | vendor-advisory, x_refsource_GENTOO | |
https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/3807-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3806-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://access.redhat.com/errata/RHSA-2018:3665 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/105745 | vdb-entry, x_refsource_BID | |
https://github.com/systemd/systemd/pull/10518 | x_refsource_MISC | |
https://access.redhat.com/errata/RHSA-2019:0049 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHBA-2019:0327 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:01:54.435Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201810-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201810-10", }, { name: "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { name: "USN-3807-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3807-1/", }, { name: "USN-3806-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3806-1/", }, { name: "RHSA-2018:3665", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3665", }, { name: "105745", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105745", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/pull/10518", }, { name: "RHSA-2019:0049", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { name: "RHBA-2019:0327", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "systemd", versions: [ { lessThanOrEqual: "239", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Felix Wilhelm from the Google Security Team", }, ], datePublic: "2018-10-25T00:00:00", descriptions: [ { lang: "en", value: "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "dhcp6_option_append_ia() contained an incorrect buffer size calculation.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-24T05:06:03", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "GLSA-201810-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201810-10", }, { name: "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { name: "USN-3807-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3807-1/", }, { name: "USN-3806-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3806-1/", }, { name: "RHSA-2018:3665", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3665", }, { name: "105745", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105745", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/pull/10518", }, { name: "RHSA-2019:0049", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { name: "RHBA-2019:0327", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, ], source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921", ], discovery: "EXTERNAL", }, title: "Out-of-Bounds write in systemd-networkd dhcpv6 option handling", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", DATE_PUBLIC: "2018-10-25T00:00:00.000Z", ID: "CVE-2018-15688", STATE: "PUBLIC", TITLE: "Out-of-Bounds write in systemd-networkd dhcpv6 option handling", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "systemd", version: { version_data: [ { affected: "<=", version_affected: "<=", version_value: "239", }, ], }, }, ], }, vendor_name: "systemd", }, ], }, }, credit: [ { lang: "eng", value: "Felix Wilhelm from the Google Security Team", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "dhcp6_option_append_ia() contained an incorrect buffer size calculation.", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201810-10", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201810-10", }, { name: "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { name: "USN-3807-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3807-1/", }, { name: "USN-3806-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3806-1/", }, { name: "RHSA-2018:3665", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3665", }, { name: "105745", refsource: "BID", url: "http://www.securityfocus.com/bid/105745", }, { name: "https://github.com/systemd/systemd/pull/10518", refsource: "MISC", url: "https://github.com/systemd/systemd/pull/10518", }, { name: "RHSA-2019:0049", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { name: "RHBA-2019:0327", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:0327", }, ], }, source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2018-15688", datePublished: "2018-10-26T14:00:00Z", dateReserved: "2018-08-22T00:00:00", dateUpdated: "2024-09-17T01:20:40.408Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3842
Vulnerability from cvelistv5
Published
2019-04-09 20:25
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842 | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/ | vendor-advisory, x_refsource_FEDORA | |
https://www.exploit-db.com/exploits/46743/ | exploit, x_refsource_EXPLOIT-DB | |
http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html | vendor-advisory, x_refsource_SUSE | |
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The systemd Project | systemd |
Version: v242-rc4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:18.556Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", }, { name: "FEDORA-2019-3fa5db9e19", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", }, { name: "46743", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46743/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", }, { name: "[debian-lts-announce] 20190424 [SECURITY] [DLA 1762-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { name: "openSUSE-SU-2019:1450", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "The systemd Project", versions: [ { status: "affected", version: "v242-rc4", }, ], }, ], descriptions: [ { lang: "en", value: "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T14:08:37", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", }, { name: "FEDORA-2019-3fa5db9e19", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", }, { name: "46743", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/46743/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", }, { name: "[debian-lts-announce] 20190424 [SECURITY] [DLA 1762-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { name: "openSUSE-SU-2019:1450", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2019-3842", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "systemd", version: { version_data: [ { version_value: "v242-rc4", }, ], }, }, ], }, vendor_name: "The systemd Project", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", }, ], }, impact: { cvss: [ [ { vectorString: "4.5/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-285", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", }, { name: "FEDORA-2019-3fa5db9e19", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", }, { name: "46743", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/46743/", }, { name: "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", }, { name: "[debian-lts-announce] 20190424 [SECURITY] [DLA 1762-1] systemd security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { name: "openSUSE-SU-2019:1450", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-3842", datePublished: "2019-04-09T20:25:01", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-08-04T19:19:18.556Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-7008
Vulnerability from cvelistv5
Published
2023-12-23 13:00
Modified
2024-11-23 03:39
Severity ?
EPSS score ?
Summary
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2463 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3203 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-7008 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2222261 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 | issue-tracking, x_refsource_REDHAT | |
https://github.com/systemd/systemd/issues/25676 |
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:239-82.el8 < * cpe:/o:redhat:enterprise_linux:8::baseos |
||||||||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-11-22T12:04:44.733Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:2463", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2463", }, { name: "RHSA-2024:3203", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3203", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-7008", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222261", }, { name: "RHBZ#2222672", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222672", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/issues/25676", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/", }, { url: "https://security.netapp.com/advisory/ntap-20241122-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "systemd", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:239-82.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "systemd", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:252-32.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "systemd", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:252-32.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:cryostat:2", ], defaultStatus: "unaffected", packageName: "systemd", product: "Cryostat 2", vendor: "Red Hat", }, ], datePublic: "2022-12-08T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-300", description: "Channel Accessible by Non-Endpoint", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T03:39:26.132Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:2463", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2463", }, { name: "RHSA-2024:3203", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3203", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-7008", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222261", }, { name: "RHBZ#2222672", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222672", }, { url: "https://github.com/systemd/systemd/issues/25676", }, ], timeline: [ { lang: "en", time: "2023-07-12T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2022-12-08T00:00:00+00:00", value: "Made public.", }, ], title: "Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-300: Channel Accessible by Non-Endpoint", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-7008", datePublished: "2023-12-23T13:00:50.515Z", dateReserved: "2023-12-20T15:28:32.966Z", dateUpdated: "2024-11-23T03:39:26.132Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13776
Vulnerability from cvelistv5
Published
2020-06-03 02:05
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
References
▼ | URL | Tags |
---|---|---|
https://github.com/systemd/systemd/issues/15985 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20200611-0003/ | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/ | vendor-advisory, x_refsource_FEDORA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.521Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/issues/15985", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200611-0003/", }, { name: "FEDORA-2020-2faf839786", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-30T20:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/issues/15985", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200611-0003/", }, { name: "FEDORA-2020-2faf839786", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13776", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/systemd/systemd/issues/15985", refsource: "MISC", url: "https://github.com/systemd/systemd/issues/15985", }, { name: "https://security.netapp.com/advisory/ntap-20200611-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200611-0003/", }, { name: "FEDORA-2020-2faf839786", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13776", datePublished: "2020-06-03T02:05:22", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-10156
Vulnerability from cvelistv5
Published
2017-01-23 06:49
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
References
▼ | URL | Tags |
---|---|---|
https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e | x_refsource_MISC | |
https://bugzilla.suse.com/show_bug.cgi?id=1020601 | x_refsource_MISC | |
http://www.securitytracker.com/id/1037686 | vdb-entry, x_refsource_SECTRACK | |
https://www.exploit-db.com/exploits/41171/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/95790 | vdb-entry, x_refsource_BID | |
https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:14:42.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1020601", }, { name: "1037686", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037686", }, { name: "41171", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/41171/", }, { name: "95790", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95790", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-22T00:00:00", descriptions: [ { lang: "en", value: "A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-25T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1020601", }, { name: "1037686", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037686", }, { name: "41171", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/41171/", }, { name: "95790", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95790", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10156", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e", refsource: "MISC", url: "https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1020601", refsource: "MISC", url: "https://bugzilla.suse.com/show_bug.cgi?id=1020601", }, { name: "1037686", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037686", }, { name: "41171", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/41171/", }, { name: "95790", refsource: "BID", url: "http://www.securityfocus.com/bid/95790", }, { name: "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f", refsource: "MISC", url: "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10156", datePublished: "2017-01-23T06:49:00", dateReserved: "2017-01-22T00:00:00", dateUpdated: "2024-08-06T03:14:42.637Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-0871
Vulnerability from cvelistv5
Published
2014-04-18 14:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html | vendor-advisory, x_refsource_SUSE | |
http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=795853 | x_refsource_CONFIRM | |
https://bugzilla.novell.com/show_bug.cgi?id=747154 | x_refsource_CONFIRM | |
http://www.osvdb.org/79768 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:38:14.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SA:2012:001", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=795853", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=747154", }, { name: "79768", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/79768", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-02-29T00:00:00", descriptions: [ { lang: "en", value: "The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-04-18T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SA:2012:001", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=795853", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=747154", }, { name: "79768", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/79768", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-0871", datePublished: "2014-04-18T14:00:00", dateReserved: "2012-01-19T00:00:00", dateUpdated: "2024-08-06T18:38:14.999Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15686
Vulnerability from cvelistv5
Published
2018-10-26 14:00
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201810-10 | vendor-advisory, x_refsource_GENTOO | |
https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/105747 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/45714/ | exploit, x_refsource_EXPLOIT-DB | |
https://usn.ubuntu.com/3816-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://access.redhat.com/errata/RHSA-2019:2091 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:3222 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2020:0593 | vendor-advisory, x_refsource_REDHAT | |
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
https://github.com/systemd/systemd/pull/10519 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:01:54.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201810-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201810-10", }, { name: "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { name: "105747", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105747", }, { name: "45714", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45714/", }, { name: "USN-3816-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3816-1/", }, { name: "RHSA-2019:2091", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { name: "RHSA-2019:3222", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3222", }, { name: "RHSA-2020:0593", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0593", }, { name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/pull/10519", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "systemd", versions: [ { lessThanOrEqual: "239", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Jann Horn", }, ], datePublic: "2018-10-25T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "fgets() can be confused by overly-long input strings. The first read will return a partial string and subsequent reads will begin as if it were a new line.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-20T22:53:12", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "GLSA-201810-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201810-10", }, { name: "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { name: "105747", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105747", }, { name: "45714", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/45714/", }, { name: "USN-3816-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3816-1/", }, { name: "RHSA-2019:2091", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { name: "RHSA-2019:3222", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3222", }, { name: "RHSA-2020:0593", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0593", }, { name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/pull/10519", }, ], source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402", ], discovery: "EXTERNAL", }, title: "systemd: reexec state injection: fgets() on overlong lines leads to line splitting", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", DATE_PUBLIC: "2018-10-25T00:00:00.000Z", ID: "CVE-2018-15686", STATE: "PUBLIC", TITLE: "systemd: reexec state injection: fgets() on overlong lines leads to line splitting", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "systemd", version: { version_data: [ { affected: "<=", version_affected: "<=", version_value: "239", }, ], }, }, ], }, vendor_name: "systemd", }, ], }, }, credit: [ { lang: "eng", value: "Jann Horn", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "fgets() can be confused by overly-long input strings. The first read will return a partial string and subsequent reads will begin as if it were a new line.", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201810-10", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201810-10", }, { name: "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { name: "105747", refsource: "BID", url: "http://www.securityfocus.com/bid/105747", }, { name: "45714", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/45714/", }, { name: "USN-3816-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3816-1/", }, { name: "RHSA-2019:2091", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { name: "RHSA-2019:3222", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3222", }, { name: "RHSA-2020:0593", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0593", }, { name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://github.com/systemd/systemd/pull/10519", refsource: "MISC", url: "https://github.com/systemd/systemd/pull/10519", }, ], }, source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2018-15686", datePublished: "2018-10-26T14:00:00Z", dateReserved: "2018-08-22T00:00:00", dateUpdated: "2024-09-16T23:35:50.701Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45873
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:24:03.197Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497", }, { name: "FEDORA-2022-ef4f57b072", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-31T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437", }, { url: "https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553", }, { url: "https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497", }, { name: "FEDORA-2022-ef4f57b072", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-45873", datePublished: "2022-11-23T00:00:00", dateReserved: "2022-11-23T00:00:00", dateUpdated: "2024-08-03T14:24:03.197Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1049
Vulnerability from cvelistv5
Published
2018-02-16 21:00
Modified
2024-09-16 16:47
Severity ?
EPSS score ?
Summary
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041520 | vdb-entry, x_refsource_SECTRACK | |
https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html | mailing-list, x_refsource_MLIST | |
https://access.redhat.com/errata/RHSA-2018:0260 | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1534701 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3558-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat, Inc. | systemd |
Version: prior to 234 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:44:11.848Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041520", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041520", }, { name: "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { name: "RHSA-2018:0260", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0260", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1534701", }, { name: "USN-3558-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3558-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "Red Hat, Inc.", versions: [ { status: "affected", version: "prior to 234", }, ], }, ], datePublic: "2018-02-16T00:00:00", descriptions: [ { lang: "en", value: "In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-20T10:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "1041520", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041520", }, { name: "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { name: "RHSA-2018:0260", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0260", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1534701", }, { name: "USN-3558-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3558-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", DATE_PUBLIC: "2018-02-16T00:00:00", ID: "CVE-2018-1049", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "systemd", version: { version_data: [ { version_value: "prior to 234", }, ], }, }, ], }, vendor_name: "Red Hat, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-362", }, ], }, ], }, references: { reference_data: [ { name: "1041520", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041520", }, { name: "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { name: "RHSA-2018:0260", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0260", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1534701", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1534701", }, { name: "USN-3558-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3558-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-1049", datePublished: "2018-02-16T21:00:00Z", dateReserved: "2017-12-04T00:00:00", dateUpdated: "2024-09-16T16:47:41.544Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33910
Vulnerability from cvelistv5
Published
2021-07-20 18:13
Modified
2024-08-04 00:05
Severity ?
EPSS score ?
Summary
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:05:51.738Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2021/07/20/2", }, { name: "GLSA-202107-48", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-48", }, { name: "DSA-4942", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4942", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", }, { name: "FEDORA-2021-2a6ba64260", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/", }, { name: "FEDORA-2021-166e461c8d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { name: "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { name: "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { name: "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211104-0008/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-14T10:06:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2021/07/20/2", }, { name: "GLSA-202107-48", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-48", }, { name: "DSA-4942", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4942", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", }, { name: "FEDORA-2021-2a6ba64260", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/", }, { name: "FEDORA-2021-166e461c8d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { name: "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { name: "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { name: "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211104-0008/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-33910", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", refsource: "MISC", url: "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", }, { name: "https://www.openwall.com/lists/oss-security/2021/07/20/2", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2021/07/20/2", }, { name: "GLSA-202107-48", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-48", }, { name: "DSA-4942", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4942", }, { name: "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", }, { name: "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", refsource: "MISC", url: "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", }, { name: "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", refsource: "MISC", url: "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", }, { name: "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", refsource: "MISC", url: "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", }, { name: "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", refsource: "MISC", url: "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", }, { name: "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", refsource: "MISC", url: "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", }, { name: "FEDORA-2021-2a6ba64260", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/", }, { name: "FEDORA-2021-166e461c8d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { name: "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { name: "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { name: "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { name: "https://security.netapp.com/advisory/ntap-20211104-0008/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211104-0008/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33910", datePublished: "2021-07-20T18:13:49", dateReserved: "2021-06-07T00:00:00", dateUpdated: "2024-08-04T00:05:51.738Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7510
Vulnerability from cvelistv5
Published
2017-09-25 21:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
References
▼ | URL | Tags |
---|---|---|
https://github.com/systemd/systemd/issues/2002 | x_refsource_CONFIRM | |
https://github.com/keszybz/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1284642 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.132Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/issues/2002", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/keszybz/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1284642", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-23T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-25T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/issues/2002", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/keszybz/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1284642", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7510", datePublished: "2017-09-25T21:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.132Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18078
Vulnerability from cvelistv5
Published
2018-01-29 05:00
Modified
2024-08-05 21:13
Severity ?
EPSS score ?
Summary
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html | vendor-advisory, x_refsource_SUSE | |
http://www.openwall.com/lists/oss-security/2018/01/29/3 | mailing-list, x_refsource_MLIST | |
https://www.exploit-db.com/exploits/43935/ | exploit, x_refsource_EXPLOIT-DB | |
https://github.com/systemd/systemd/issues/7736 | x_refsource_MISC | |
http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2018/01/29/4 | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:13:47.523Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2018:0560", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", }, { name: "[oss-security] 20180129 CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2018/01/29/3", }, { name: "43935", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/43935/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/issues/7736", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", }, { name: "[oss-security] 20180129 Re: CVE-2017-18078: systemd-tmpfiles root privilege", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2018/01/29/4", }, { name: "[debian-lts-announce] 20190424 [SECURITY] [DLA 1762-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-01-28T00:00:00", descriptions: [ { lang: "en", value: "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T14:09:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "openSUSE-SU-2018:0560", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", }, { name: "[oss-security] 20180129 CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2018/01/29/3", }, { name: "43935", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/43935/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/issues/7736", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", }, { name: "[oss-security] 20180129 Re: CVE-2017-18078: systemd-tmpfiles root privilege", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.openwall.com/lists/oss-security/2018/01/29/4", }, { name: "[debian-lts-announce] 20190424 [SECURITY] [DLA 1762-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18078", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2018:0560", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", }, { name: "[oss-security] 20180129 CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2018/01/29/3", }, { name: "43935", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/43935/", }, { name: "https://github.com/systemd/systemd/issues/7736", refsource: "MISC", url: "https://github.com/systemd/systemd/issues/7736", }, { name: "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", }, { name: "[oss-security] 20180129 Re: CVE-2017-18078: systemd-tmpfiles root privilege", refsource: "MLIST", url: "https://www.openwall.com/lists/oss-security/2018/01/29/4", }, { name: "[debian-lts-announce] 20190424 [SECURITY] [DLA 1762-1] systemd security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18078", datePublished: "2018-01-29T05:00:00", dateReserved: "2018-01-28T00:00:00", dateUpdated: "2024-08-05T21:13:47.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1000082
Vulnerability from cvelistv5
Published
2017-07-07 17:00
Modified
2024-08-05 21:53
Severity ?
EPSS score ?
Summary
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
References
▼ | URL | Tags |
---|---|---|
https://github.com/systemd/systemd/issues/6237 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038839 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/99507 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2017/07/02/1 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:53:06.254Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/issues/6237", }, { name: "1038839", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038839", }, { name: "99507", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99507", }, { name: "[oss-security] 20170702 systemd fails to parse user that should run service", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/07/02/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-02T00:00:00", descriptions: [ { lang: "en", value: "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-22T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/issues/6237", }, { name: "1038839", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038839", }, { name: "99507", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99507", }, { name: "[oss-security] 20170702 systemd fails to parse user that should run service", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2017/07/02/1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-1000082", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/systemd/systemd/issues/6237", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/issues/6237", }, { name: "1038839", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038839", }, { name: "99507", refsource: "BID", url: "http://www.securityfocus.com/bid/99507", }, { name: "[oss-security] 20170702 systemd fails to parse user that should run service", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2017/07/02/1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-1000082", datePublished: "2017-07-07T17:00:00", dateReserved: "2017-07-07T00:00:00", dateUpdated: "2024-08-05T21:53:06.254Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3844
Vulnerability from cvelistv5
Published
2019-04-26 20:26
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/108096 | vdb-entry, x_refsource_BID | |
https://security.netapp.com/advisory/ntap-20190619-0002/ | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4269-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | [freedesktop.org] | systemd |
Version: 242 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:18.587Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", }, { name: "108096", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108096", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { name: "USN-4269-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4269-1/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "[freedesktop.org]", versions: [ { status: "affected", version: "242", }, ], }, ], descriptions: [ { lang: "en", value: "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-268", description: "CWE-268", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T14:08:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", }, { name: "108096", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108096", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { name: "USN-4269-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4269-1/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2019-3844", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "systemd", version: { version_data: [ { version_value: "242", }, ], }, }, ], }, vendor_name: "[freedesktop.org]", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", }, ], }, impact: { cvss: [ [ { vectorString: "4.5/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-268", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", }, { name: "108096", refsource: "BID", url: "http://www.securityfocus.com/bid/108096", }, { name: "https://security.netapp.com/advisory/ntap-20190619-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { name: "USN-4269-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4269-1/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-3844", datePublished: "2019-04-26T20:26:53", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-08-04T19:19:18.587Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-15908
Vulnerability from cvelistv5
Published
2017-10-26 14:00
Modified
2024-08-05 20:04
Severity ?
EPSS score ?
Summary
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1039662 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/101600 | vdb-entry, x_refsource_BID | |
https://github.com/systemd/systemd/pull/7184 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3558-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:04:50.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1039662", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039662", }, { name: "101600", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101600", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/pull/7184", }, { name: "USN-3558-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3558-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-10-26T00:00:00", descriptions: [ { lang: "en", value: "In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-15T09:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1039662", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039662", }, { name: "101600", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101600", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/pull/7184", }, { name: "USN-3558-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3558-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-15908", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1039662", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039662", }, { name: "101600", refsource: "BID", url: "http://www.securityfocus.com/bid/101600", }, { name: "https://github.com/systemd/systemd/pull/7184", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/pull/7184", }, { name: "USN-3558-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3558-1/", }, { name: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351", refsource: "CONFIRM", url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-15908", datePublished: "2017-10-26T14:00:00", dateReserved: "2017-10-25T00:00:00", dateUpdated: "2024-08-05T20:04:50.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6954
Vulnerability from cvelistv5
Published
2018-02-13 20:00
Modified
2024-08-05 06:17
Severity ?
EPSS score ?
Summary
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3816-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/systemd/systemd/issues/7986 | x_refsource_MISC | |
https://usn.ubuntu.com/3816-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html | vendor-advisory, x_refsource_SUSE | |
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:17:17.343Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3816-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3816-2/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/issues/7986", }, { name: "USN-3816-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3816-1/", }, { name: "openSUSE-SU-2019:1450", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-13T00:00:00", descriptions: [ { lang: "en", value: "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T14:09:52", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3816-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3816-2/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/issues/7986", }, { name: "USN-3816-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3816-1/", }, { name: "openSUSE-SU-2019:1450", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6954", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3816-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3816-2/", }, { name: "https://github.com/systemd/systemd/issues/7986", refsource: "MISC", url: "https://github.com/systemd/systemd/issues/7986", }, { name: "USN-3816-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3816-1/", }, { name: "openSUSE-SU-2019:1450", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6954", datePublished: "2018-02-13T20:00:00", dateReserved: "2018-02-13T00:00:00", dateUpdated: "2024-08-05T06:17:17.343Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6454
Vulnerability from cvelistv5
Published
2019-03-17 16:38
Modified
2024-08-04 20:23
Severity ?
EPSS score ?
Summary
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:23:21.049Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2019-8434288a24", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/", }, { name: "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/02/18/3", }, { name: "107081", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107081", }, { name: "USN-3891-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3891-1/", }, { name: "RHSA-2019:0368", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0368", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c", }, { name: "SUSE-SA:2019:0255-1", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html", }, { name: "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/02/19/1", }, { name: "[SECURITY] [DLA 1684-1] 20190219 systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html", }, { name: "DSA-4393-1", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4393", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190327-0004/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10278", }, { name: "RHSA-2019:0990", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0990", }, { name: "openSUSE-SU-2019:1450", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { name: "RHSA-2019:1322", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1322", }, { name: "RHSA-2019:1502", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1502", }, { name: "RHSA-2019:2805", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2805", }, { name: "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-18T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-20T14:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2019-8434288a24", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/", }, { name: "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/02/18/3", }, { name: "107081", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107081", }, { name: "USN-3891-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3891-1/", }, { name: "RHSA-2019:0368", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0368", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c", }, { name: "SUSE-SA:2019:0255-1", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html", }, { name: "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/02/19/1", }, { name: "[SECURITY] [DLA 1684-1] 20190219 systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html", }, { name: "DSA-4393-1", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4393", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190327-0004/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10278", }, { name: "RHSA-2019:0990", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0990", }, { name: "openSUSE-SU-2019:1450", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { name: "RHSA-2019:1322", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1322", }, { name: "RHSA-2019:1502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1502", }, { name: "RHSA-2019:2805", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2805", }, { name: "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-6454", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2019-8434288a24", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/", }, { name: "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/02/18/3", }, { name: "107081", refsource: "BID", url: "http://www.securityfocus.com/bid/107081", }, { name: "USN-3891-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3891-1/", }, { name: "RHSA-2019:0368", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0368", }, { name: "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c", refsource: "MISC", url: "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c", }, { name: "SUSE-SA:2019:0255-1", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html", }, { name: "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/02/19/1", }, { name: "[SECURITY] [DLA 1684-1] 20190219 systemd security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html", }, { name: "DSA-4393-1", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4393", }, { name: "https://security.netapp.com/advisory/ntap-20190327-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190327-0004/", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10278", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10278", }, { name: "RHSA-2019:0990", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0990", }, { name: "openSUSE-SU-2019:1450", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { name: "RHSA-2019:1322", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1322", }, { name: "RHSA-2019:1502", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1502", }, { name: "RHSA-2019:2805", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2805", }, { name: "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-6454", datePublished: "2019-03-17T16:38:57", dateReserved: "2019-01-16T00:00:00", dateUpdated: "2024-08-04T20:23:21.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4415
Vulnerability from cvelistv5
Published
2023-01-11 00:00
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:41:44.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20230216-0010/", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/12/21/3", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "n/a", versions: [ { status: "affected", version: "systemd >= 247", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://www.openwall.com/lists/oss-security/2022/12/21/3", }, { url: "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-4415", datePublished: "2023-01-11T00:00:00", dateReserved: "2022-12-12T00:00:00", dateUpdated: "2024-08-03T01:41:44.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16865
Vulnerability from cvelistv5
Published
2019-01-11 21:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The systemd Project | systemd |
Version: through v240 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:32:54.176Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2019:0342", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0342", }, { name: "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", }, { name: "106525", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106525", }, { name: "DSA-4367", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { name: "RHSA-2019:0204", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0204", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, { name: "USN-3855-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3855-1/", }, { name: "RHSA-2019:0049", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { name: "RHSA-2019:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0271", }, { name: "RHSA-2019:0361", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0361", }, { name: "GLSA-201903-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-07", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHBA-2019:0327", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { name: "[oss-security] 20190510 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/05/10/4", }, { name: "20190513 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/25", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", }, { name: "20190513 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/21", }, { name: "RHSA-2019:2402", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2402", }, { name: "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "The systemd Project", versions: [ { status: "affected", version: "through v240", }, ], }, ], datePublic: "2019-01-09T00:00:00", descriptions: [ { lang: "en", value: "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-20T14:06:07", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2019:0342", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0342", }, { name: "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", }, { name: "106525", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106525", }, { name: "DSA-4367", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { name: "RHSA-2019:0204", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0204", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, { name: "USN-3855-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3855-1/", }, { name: "RHSA-2019:0049", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { name: "RHSA-2019:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0271", }, { name: "RHSA-2019:0361", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0361", }, { name: "GLSA-201903-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201903-07", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHBA-2019:0327", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { name: "[oss-security] 20190510 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/05/10/4", }, { name: "20190513 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/25", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", }, { name: "20190513 Re: System Down: A systemd-journald exploit", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/21", }, { name: "RHSA-2019:2402", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2402", }, { name: "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-16865", datePublished: "2019-01-11T21:00:00", dateReserved: "2018-09-11T00:00:00", dateUpdated: "2024-08-05T10:32:54.176Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4393
Vulnerability from cvelistv5
Published
2013-10-28 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201612-34 | vendor-advisory, x_refsource_GENTOO | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/10/01/9 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=859104 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:45:13.353Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201612-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-34", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { name: "[oss-security] 20131001 Re: [CVE request] systemd", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859104", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-10-01T00:00:00", descriptions: [ { lang: "en", value: "journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-30T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "GLSA-201612-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201612-34", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { name: "[oss-security] 20131001 Re: [CVE request] systemd", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859104", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4393", datePublished: "2013-10-28T22:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:45:13.353Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-1101
Vulnerability from cvelistv5
Published
2020-03-11 14:58
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2012/03/05/4 | x_refsource_MISC | |
https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3 | x_refsource_CONFIRM | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:45:27.371Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/03/05/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "systemd", versions: [ { status: "affected", version: "37-1", }, ], }, ], datePublic: "2011-12-06T00:00:00", descriptions: [ { lang: "en", value: "systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).", }, ], problemTypes: [ { descriptions: [ { description: "Other", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-11T14:58:57", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2012/03/05/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-1101", datePublished: "2020-03-11T14:58:57", dateReserved: "2012-02-14T00:00:00", dateUpdated: "2024-08-06T18:45:27.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31439
Vulnerability from cvelistv5
Published
2023-06-13 00:00
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:31.091Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/releases", }, { tags: [ "x_transferred", ], url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/kastel-security/Journald", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/pull/28885", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-21T14:35:50.097534", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/systemd/systemd/releases", }, { url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { url: "https://github.com/kastel-security/Journald", }, { url: "https://github.com/systemd/systemd/pull/28885", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-31439", datePublished: "2023-06-13T00:00:00", dateReserved: "2023-04-28T00:00:00", dateUpdated: "2024-08-02T14:53:31.091Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20386
Vulnerability from cvelistv5
Published
2020-01-21 05:12
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
References
▼ | URL | Tags |
---|---|---|
https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20200210-0002/ | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html | vendor-advisory, x_refsource_SUSE | |
https://usn.ubuntu.com/4269-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/ | vendor-advisory, x_refsource_FEDORA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.816Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200210-0002/", }, { name: "openSUSE-SU-2020:0208", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", }, { name: "USN-4269-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4269-1/", }, { name: "FEDORA-2020-f8e267d6d0", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-21T02:06:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200210-0002/", }, { name: "openSUSE-SU-2020:0208", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", }, { name: "USN-4269-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4269-1/", }, { name: "FEDORA-2020-f8e267d6d0", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20386", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", refsource: "MISC", url: "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", }, { name: "https://security.netapp.com/advisory/ntap-20200210-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200210-0002/", }, { name: "openSUSE-SU-2020:0208", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", }, { name: "USN-4269-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4269-1/", }, { name: "FEDORA-2020-f8e267d6d0", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20386", datePublished: "2020-01-21T05:12:30", dateReserved: "2020-01-21T00:00:00", dateUpdated: "2024-08-05T02:39:09.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4392
Vulnerability from cvelistv5
Published
2013-10-28 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=859060 | x_refsource_CONFIRM | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/10/01/9 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:45:13.766Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859060", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { name: "[oss-security] 20131001 Re: [CVE request] systemd", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-10-01T00:00:00", descriptions: [ { lang: "en", value: "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-12-05T17:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859060", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { name: "[oss-security] 20131001 Re: [CVE request] systemd", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4392", datePublished: "2013-10-28T22:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:45:13.766Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-9217
Vulnerability from cvelistv5
Published
2017-05-24 04:56
Modified
2024-12-13 13:09
Severity ?
EPSS score ?
Summary
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
References
▼ | URL | Tags |
---|---|---|
https://github.com/systemd/systemd/pull/5998 | x_refsource_CONFIRM | |
https://launchpad.net/bugs/1621396 | x_refsource_CONFIRM | |
https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/98677 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-12-13T13:09:19.180Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/pull/5998", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://launchpad.net/bugs/1621396", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be", }, { name: "98677", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98677", }, { url: "https://security.netapp.com/advisory/ntap-20241213-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-24T00:00:00", descriptions: [ { lang: "en", value: "systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/pull/5998", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://launchpad.net/bugs/1621396", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be", }, { name: "98677", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98677", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-9217", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/systemd/systemd/pull/5998", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/pull/5998", }, { name: "https://launchpad.net/bugs/1621396", refsource: "CONFIRM", url: "https://launchpad.net/bugs/1621396", }, { name: "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be", }, { name: "98677", refsource: "BID", url: "http://www.securityfocus.com/bid/98677", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-9217", datePublished: "2017-05-24T04:56:00", dateReserved: "2017-05-24T00:00:00", dateUpdated: "2024-12-13T13:09:19.180Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3997
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:02.914Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024639", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/01/10/2", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2021-3997", }, { name: "GLSA-202305-15", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-15", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in v251-rc1", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-674", description: "CWE-674 - Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-03T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024639", }, { url: "https://www.openwall.com/lists/oss-security/2022/01/10/2", }, { url: "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1", }, { url: "https://access.redhat.com/security/cve/CVE-2021-3997", }, { name: "GLSA-202305-15", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-15", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3997", datePublished: "2022-08-23T00:00:00", dateReserved: "2021-11-22T00:00:00", dateUpdated: "2024-08-03T17:16:02.914Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-26604
Vulnerability from cvelistv5
Published
2023-03-03 00:00
Modified
2024-08-02 11:53
Severity ?
EPSS score ?
Summary
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:53:53.661Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", }, { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340", }, { tags: [ "x_transferred", ], url: "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/", }, { name: "[debian-lts-announce] 20230331 [SECURITY] [DLA 3377-1] systemd security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230505-0009/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-11T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", }, { url: "https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340", }, { url: "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/", }, { name: "[debian-lts-announce] 20230331 [SECURITY] [DLA 3377-1] systemd security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html", }, { url: "https://security.netapp.com/advisory/ntap-20230505-0009/", }, { url: "http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-26604", datePublished: "2023-03-03T00:00:00", dateReserved: "2023-02-26T00:00:00", dateUpdated: "2024-08-02T11:53:53.661Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-21029
Vulnerability from cvelistv5
Published
2019-10-30 21:46
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)
References
▼ | URL | Tags |
---|---|---|
https://github.com/systemd/systemd/issues/9397 | x_refsource_MISC | |
https://blog.cloudflare.com/dns-encryption-explained/ | x_refsource_MISC | |
https://github.com/systemd/systemd/blob/v243/src/resolve/resolved-dnstls-gnutls.c#L62-L63 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NLJVOJMB6ANDILRLDZK26YGLYBEPHKY/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20191122-0002/ | x_refsource_CONFIRM | |
https://github.com/systemd/systemd/pull/13870 | x_refsource_MISC | |
https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207 | x_refsource_MISC | |
https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207 | x_refsource_MISC | |
https://tools.ietf.org/html/rfc7858#section-4.1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:19:27.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/issues/9397", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.cloudflare.com/dns-encryption-explained/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/blob/v243/src/resolve/resolved-dnstls-gnutls.c#L62-L63", }, { name: "FEDORA-2019-4c3ce3aa5c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NLJVOJMB6ANDILRLDZK26YGLYBEPHKY/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191122-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/pull/13870", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://tools.ietf.org/html/rfc7858#section-4.1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-02T12:42:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/issues/9397", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.cloudflare.com/dns-encryption-explained/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/blob/v243/src/resolve/resolved-dnstls-gnutls.c#L62-L63", }, { name: "FEDORA-2019-4c3ce3aa5c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NLJVOJMB6ANDILRLDZK26YGLYBEPHKY/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191122-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/pull/13870", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207", }, { tags: [ "x_refsource_MISC", ], url: "https://tools.ietf.org/html/rfc7858#section-4.1", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-21029", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/systemd/systemd/issues/9397", refsource: "MISC", url: "https://github.com/systemd/systemd/issues/9397", }, { name: "https://blog.cloudflare.com/dns-encryption-explained/", refsource: "MISC", url: "https://blog.cloudflare.com/dns-encryption-explained/", }, { name: "https://github.com/systemd/systemd/blob/v243/src/resolve/resolved-dnstls-gnutls.c#L62-L63", refsource: "MISC", url: "https://github.com/systemd/systemd/blob/v243/src/resolve/resolved-dnstls-gnutls.c#L62-L63", }, { name: "FEDORA-2019-4c3ce3aa5c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NLJVOJMB6ANDILRLDZK26YGLYBEPHKY/", }, { name: "https://security.netapp.com/advisory/ntap-20191122-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191122-0002/", }, { name: "https://github.com/systemd/systemd/pull/13870", refsource: "MISC", url: "https://github.com/systemd/systemd/pull/13870", }, { name: "https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207", refsource: "MISC", url: "https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207", }, { name: "https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207", refsource: "MISC", url: "https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207", }, { name: "https://tools.ietf.org/html/rfc7858#section-4.1", refsource: "MISC", url: "https://tools.ietf.org/html/rfc7858#section-4.1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-21029", datePublished: "2019-10-30T21:46:51", dateReserved: "2019-10-30T00:00:00", dateUpdated: "2024-08-05T12:19:27.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16864
Vulnerability from cvelistv5
Published
2019-01-11 20:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The systemd Project | systemd |
Version: through v240 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:32:54.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106523", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106523", }, { name: "RHSA-2019:0342", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0342", }, { name: "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", }, { name: "DSA-4367", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { name: "RHSA-2019:0204", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0204", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, { name: "USN-3855-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3855-1/", }, { name: "RHSA-2019:0049", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { name: "RHSA-2019:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0271", }, { name: "RHSA-2019:0361", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0361", }, { name: "GLSA-201903-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-07", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHBA-2019:0327", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { name: "RHSA-2019:2402", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2402", }, { name: "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "The systemd Project", versions: [ { status: "affected", version: "through v240", }, ], }, ], datePublic: "2019-01-09T00:00:00", descriptions: [ { lang: "en", value: "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-20T14:06:10", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "106523", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106523", }, { name: "RHSA-2019:0342", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0342", }, { name: "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", }, { name: "DSA-4367", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { name: "RHSA-2019:0204", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0204", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864", }, { tags: [ "x_refsource_MISC", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, { name: "USN-3855-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3855-1/", }, { name: "RHSA-2019:0049", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { name: "RHSA-2019:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0271", }, { name: "RHSA-2019:0361", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0361", }, { name: "GLSA-201903-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201903-07", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHBA-2019:0327", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { name: "RHSA-2019:2402", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2402", }, { name: "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-16864", datePublished: "2019-01-11T20:00:00", dateReserved: "2018-09-11T00:00:00", dateUpdated: "2024-08-05T10:32:54.107Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4394
Vulnerability from cvelistv5
Published
2013-10-28 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201612-34 | vendor-advisory, x_refsource_GENTOO | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=862324 | x_refsource_CONFIRM | |
http://www.debian.org/security/2013/dsa-2777 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2013/10/01/9 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:45:14.665Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201612-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-34", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=862324", }, { name: "DSA-2777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { name: "[oss-security] 20131001 Re: [CVE request] systemd", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-23T00:00:00", descriptions: [ { lang: "en", value: "The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving \"special and control characters.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-30T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "GLSA-201612-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201612-34", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=862324", }, { name: "DSA-2777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { name: "[oss-security] 20131001 Re: [CVE request] systemd", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4394", datePublished: "2013-10-28T22:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:45:14.665Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-7796
Vulnerability from cvelistv5
Published
2016-10-13 14:00
Modified
2024-08-06 02:04
Severity ?
EPSS score ?
Summary
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/09/30/1 | mailing-list, x_refsource_MLIST | |
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet | x_refsource_MISC | |
https://github.com/systemd/systemd/issues/4234#issuecomment-250441246 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html | vendor-advisory, x_refsource_SUSE | |
https://bugzilla.redhat.com/show_bug.cgi?id=1381911 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2017-0003.html | vendor-advisory, x_refsource_REDHAT | |
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html | vendor-advisory, x_refsource_SUSE | |
http://www.securitytracker.com/id/1037320 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/93250 | vdb-entry, x_refsource_BID | |
https://rhn.redhat.com/errata/RHBA-2015-2092.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:04:56.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246", }, { name: "SUSE-SU-2016:2475", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1381911", }, { name: "RHSA-2017:0003", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0003.html", }, { name: "SUSE-SU-2016:2476", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html", }, { name: "1037320", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037320", }, { name: "93250", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93250", }, { name: "RHBA-2015:2092", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHBA-2015-2092.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-28T00:00:00", descriptions: [ { lang: "en", value: "The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-27T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { tags: [ "x_refsource_MISC", ], url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246", }, { name: "SUSE-SU-2016:2475", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1381911", }, { name: "RHSA-2017:0003", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0003.html", }, { name: "SUSE-SU-2016:2476", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html", }, { name: "1037320", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037320", }, { name: "93250", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93250", }, { name: "RHBA-2015:2092", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://rhn.redhat.com/errata/RHBA-2015-2092.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-7796", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { name: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", refsource: "MISC", url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, { name: "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246", refsource: "CONFIRM", url: "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246", }, { name: "SUSE-SU-2016:2475", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1381911", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1381911", }, { name: "RHSA-2017:0003", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2017-0003.html", }, { name: "SUSE-SU-2016:2476", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html", }, { name: "1037320", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037320", }, { name: "93250", refsource: "BID", url: "http://www.securityfocus.com/bid/93250", }, { name: "RHBA-2015:2092", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHBA-2015-2092.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-7796", datePublished: "2016-10-13T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T02:04:56.092Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3843
Vulnerability from cvelistv5
Published
2019-04-26 20:27
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843 | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/ | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/108116 | vdb-entry, x_refsource_BID | |
https://security.netapp.com/advisory/ntap-20190619-0002/ | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4269-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | [freedesktop.org] | systemd |
Version: 242 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:18.567Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", }, { name: "FEDORA-2019-7322053e74", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", }, { name: "108116", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108116", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { name: "USN-4269-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4269-1/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd", vendor: "[freedesktop.org]", versions: [ { status: "affected", version: "242", }, ], }, ], descriptions: [ { lang: "en", value: "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T14:07:57", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", }, { name: "FEDORA-2019-7322053e74", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", }, { name: "108116", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108116", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { name: "USN-4269-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4269-1/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2019-3843", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "systemd", version: { version_data: [ { version_value: "242", }, ], }, }, ], }, vendor_name: "[freedesktop.org]", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", }, ], }, impact: { cvss: [ [ { vectorString: "4.5/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-266", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", }, { name: "FEDORA-2019-7322053e74", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", }, { name: "108116", refsource: "BID", url: "http://www.securityfocus.com/bid/108116", }, { name: "https://security.netapp.com/advisory/ntap-20190619-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { name: "USN-4269-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4269-1/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-3843", datePublished: "2019-04-26T20:27:30", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-08-04T19:19:18.567Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15718
Vulnerability from cvelistv5
Published
2019-09-04 11:04
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1746057 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2019/09/03/1 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/ | vendor-advisory, x_refsource_FEDORA | |
https://access.redhat.com/errata/RHSA-2019:3592 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:3941 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:56:22.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/09/03/1", }, { name: "FEDORA-2019-d5bd5f0aa4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", }, { name: "FEDORA-2019-24e1d561e5", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", }, { name: "FEDORA-2019-8a7dfdf1f3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", }, { name: "RHSA-2019:3592", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3592", }, { name: "RHSA-2019:3941", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3941", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-21T12:07:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2019/09/03/1", }, { name: "FEDORA-2019-d5bd5f0aa4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", }, { name: "FEDORA-2019-24e1d561e5", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", }, { name: "FEDORA-2019-8a7dfdf1f3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", }, { name: "RHSA-2019:3592", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3592", }, { name: "RHSA-2019:3941", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3941", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-15718", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", }, { name: "http://www.openwall.com/lists/oss-security/2019/09/03/1", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2019/09/03/1", }, { name: "FEDORA-2019-d5bd5f0aa4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", }, { name: "FEDORA-2019-24e1d561e5", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", }, { name: "FEDORA-2019-8a7dfdf1f3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", }, { name: "RHSA-2019:3592", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3592", }, { name: "RHSA-2019:3941", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3941", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-15718", datePublished: "2019-09-04T11:04:31", dateReserved: "2019-08-28T00:00:00", dateUpdated: "2024-08-05T00:56:22.337Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2526
Vulnerability from cvelistv5
Published
2022-09-09 00:00
Modified
2024-08-03 00:39
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | systemd-resolved |
Version: systemd 240 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:39:08.031Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221111-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "systemd-resolved", vendor: "n/a", versions: [ { status: "affected", version: "systemd 240", }, ], }, ], descriptions: [ { lang: "en", value: "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-14T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c", }, { url: "https://security.netapp.com/advisory/ntap-20221111-0005/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-2526", datePublished: "2022-09-09T00:00:00", dateReserved: "2022-07-24T00:00:00", dateUpdated: "2024-08-03T00:39:08.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2017-05-24 05:29
Modified
2024-12-13 14:15
Severity ?
Summary
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "E819026E-9D55-416F-8781-3B8C9C6A1776", versionEndIncluding: "233", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.", }, { lang: "es", value: "systemd-resolved hasta la versión 223 permite a los atacantes remotos provocar una denegación de servicio (daemon crash) mediante una respuesta DNS manipulada con un sección de preguntas vacía.", }, ], id: "CVE-2017-9217", lastModified: "2024-12-13T14:15:18.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-24T05:29:00.223", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98677", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/5998", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://launchpad.net/bugs/1621396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98677", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/5998", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://launchpad.net/bugs/1621396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20241213-0003/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-13 17:15
Modified
2024-11-21 08:01
Severity ?
Summary
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 253 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:253:-:*:*:*:*:*:*", matchCriteriaId: "733DE777-9802-4CB6-8B03-6B6295BCE29D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", }, ], id: "CVE-2023-31438", lastModified: "2024-11-21T08:01:51.953", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-13T17:15:14.707", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/kastel-security/Journald", }, { source: "cve@mitre.org", tags: [ "Technical Description", ], url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { source: "cve@mitre.org", url: "https://github.com/systemd/systemd/pull/28886", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/systemd/systemd/releases", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/kastel-security/Journald", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/systemd/systemd/pull/28886", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/systemd/systemd/releases", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-354", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-28 06:29
Modified
2024-11-21 03:36
Severity ?
Summary
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2017/06/27/8 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/99302 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1038806 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://launchpad.net/bugs/1695546 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/06/27/8 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99302 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038806 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/bugs/1695546 | Broken Link |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "838D37A0-18AB-4999-B577-3F38064D99A5", versionEndIncluding: "233", versionStartIncluding: "223", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.", }, { lang: "es", value: "En systemd hasta la versión 233, ciertos tamaños pasados a la función dns_packet_new en systemd-resolved pueden causar que asigne un búfer que es muy pequeño. Un servidor DNS malicioso puede aprovechar esto por medio de una respuesta con una carga útil TCP especialmente creada para engañar a systemd-resolved en la asignación de un búfer que es muy pequeño, y posteriormente escribir datos arbitrarios más allá del final de la misma.", }, ], id: "CVE-2017-9445", lastModified: "2024-11-21T03:36:08.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-28T06:29:00.190", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2017/06/27/8", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99302", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038806", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://launchpad.net/bugs/1695546", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2017/06/27/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99302", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038806", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://launchpad.net/bugs/1695546", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-11 19:29
Modified
2024-11-21 03:53
Severity ?
Summary
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "026806D8-B8D6-4C1C-8E1F-32096D38C937", versionEndIncluding: "239", versionStartIncluding: "221", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", matchCriteriaId: "83077160-BB98-408B-81F0-8EF9E566BF28", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:*:*:*:*:*:*:*:*", matchCriteriaId: "FD53FA62-3E99-4D0B-8C62-4517F5CB8DE9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "35A9FD70-E9CA-43AF-A453-E41EAB430E7F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_\\(structure_a\\):7_s390x:*:*:*:*:*:*:*", matchCriteriaId: "6207D51C-883B-4B65-B9BF-408197839BE5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B7614783-C95A-4CBC-81D9-21A044001B6E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "83D5DE4F-4616-488D-ABA8-FD608784237E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", matchCriteriaId: "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "656C4506-ECDD-44D7-BFC7-35B1A3E33DF2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", matchCriteriaId: "C81C5D4E-3CAD-43CE-82BC-B0619CA3A74A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*", matchCriteriaId: "57B5CF5A-D48E-4AD0-91E2-F5BDD44B7A66", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5F7E11E-FB34-4467-8919-2B6BEAABF665", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", matchCriteriaId: "8C7E9628-0915-4C49-8929-F5E060A20CBB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5C450C83-695F-4408-8B4F-0E7D6DDAE345", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", }, { lang: "es", value: "Se ha descubierto una lectura fuera de límites en systemd-journald en la forma en la que analiza mensajes de registro que terminan con dos puntos \":\". Un atacante local puede emplear este error para divulgar datos de la memoria del proceso. Son vulnerables las versiones desde la v221 hasta la v239.", }, ], id: "CVE-2018-16866", lastModified: "2024-11-21T03:53:28.947", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-11T19:29:00.233", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/21", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/05/10/4", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106527", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3222", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0593", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/25", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-07", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3855-1/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/05/10/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3855-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-200", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-26 14:29
Modified
2024-11-21 03:51
Severity ?
Summary
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
systemd_project | systemd | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "A2F20C41-576E-4A98-9BB9-26CB7709C2F1", versionEndExcluding: "240", versionStartIncluding: "235", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.", }, { lang: "es", value: "Una condición de carrera en chown_one() en systemd permite que un atacante provoque que systemd establezca permisos arbitrarios en archivos arbitrarios. Las versiones afectadas de systemd son todas hasta la 239 incluida.", }, ], id: "CVE-2018-15687", lastModified: "2024-11-21T03:51:16.777", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "security@ubuntu.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-26T14:29:00.757", references: [ { source: "security@ubuntu.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105748", }, { source: "security@ubuntu.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/10517/commits", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-10", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3816-1/", }, { source: "security@ubuntu.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45715/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/10517/commits", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3816-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45715/", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-26 14:29
Modified
2024-11-21 03:51
Severity ?
Summary
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 8.0 | |
systemd_project | systemd | * | |
oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "6091DEBE-CF1A-4BD9-9ECC-50715D8241E2", versionEndIncluding: "239", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "E47FBC8E-1C21-4448-8C59-4D48F08B151B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", }, { lang: "es", value: "Una vulnerabilidad en unit_deserialize de systemd permite que un atacante proporcione estados arbitrarios en la reejecución de systemd mediante NotifyAccess. Esto puede emplearse para influenciar incorrectamente la ejecución de systemd y podría conducir a un escalado de privilegios root. Las versiones afectadas de systemd son todas hasta la 239 incluida.", }, ], id: "CVE-2018-15686", lastModified: "2024-11-21T03:51:16.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "security@ubuntu.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-26T14:29:00.613", references: [ { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105747", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3222", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0593", }, { source: "security@ubuntu.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/10519", }, { source: "security@ubuntu.com", url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-10", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3816-1/", }, { source: "security@ubuntu.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45714/", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105747", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/10519", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3816-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45714/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-30 22:15
Modified
2024-11-21 04:02
Severity ?
Summary
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
fedoraproject | fedora | 31 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "6A177E47-87C0-4499-8DE8-3F7C75FF4FEE", versionEndExcluding: "244", versionStartIncluding: "239", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)", }, { lang: "es", value: "** EN DISPUTA ** systemd versiones 239 hasta la versión 245, acepta cualquier certificado firmado por parte de una autoridad de certificación de confianza para DNS Over TLS. La indicación de nombre de servidor (SNI) no se envía y no existe comprobación de nombre de host con el backend GnuTLS. NOTA: Esto ha sido discutido por el desarrollador como una vulnerabilidad, ya que la validación del hostname no tiene nada que ver con este problema (es decir, no hay ningún nombre de host que se envíe)", }, ], id: "CVE-2018-21029", lastModified: "2024-11-21T04:02:43.917", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-30T22:15:10.667", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://blog.cloudflare.com/dns-encryption-explained/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/blob/v243/src/resolve/resolved-dnstls-gnutls.c#L62-L63", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/9397", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/13870", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NLJVOJMB6ANDILRLDZK26YGLYBEPHKY/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191122-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://tools.ietf.org/html/rfc7858#section-4.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://blog.cloudflare.com/dns-encryption-explained/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/blob/v243/src/resolve/resolved-dnstls-gnutls.c#L62-L63", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/9397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/13870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NLJVOJMB6ANDILRLDZK26YGLYBEPHKY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191122-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.ietf.org/html/rfc7858#section-4.1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-26 21:29
Modified
2024-11-21 04:42
Severity ?
Summary
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
fedoraproject | fedora | 30 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
netapp | hci_management_node | - | |
netapp | snapprotect | - | |
netapp | solidfire | - | |
netapp | cn1610_firmware | - | |
netapp | cn1610 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "BACFBEC4-DBBC-4645-9A00-7B4E573F7DF3", versionEndExcluding: "242", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", matchCriteriaId: "F74F467A-0C81-40D9-BA06-40FB8EF02C04", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB30733E-68FC-49C4-86C0-7FEE75C366BF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", matchCriteriaId: "6361DAC6-600F-4B15-8797-D67F298F46FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", }, { lang: "es", value: "Se descubrió que un servicio systemd que utiliza la propiedad DynamicUser puede crear un binario SUID/SGID que podría ejecutarse como servicio transitorio UID/GID incluso después de que el servicio haya terminado. Un atacante local puede utilizar esta vulnerabilidad para acceder a recursos que serán propiedad de un servicio potencialmente diferente en el futuro, cuando el UID/GID sea reciclado.", }, ], id: "CVE-2019-3843", lastModified: "2024-11-21T04:42:41.073", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1, impactScore: 3.4, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-26T21:29:00.360", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108116", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4269-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4269-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-28 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/10/01/9 | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=859104 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://security.gentoo.org/glsa/201612-34 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/10/01/9 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=859104 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201612-34 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "5357AFE5-8FD0-4691-83D8-562F1B8AB02E", versionEndExcluding: "194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.", }, { lang: "es", value: "journald en systemd, cuando el origen de mensajes nativos se establece en un archivo, permite a usuarios locales ocasionar una denegación de servicio (servicio de registro de bloqueo) a través de un descriptor de archivo diseñado.", }, ], id: "CVE-2013-4393", lastModified: "2024-11-21T01:55:28.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-28T22:55:03.820", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859104", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-34", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-10-13 14:59
Modified
2024-11-21 02:58
Severity ?
Summary
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 209 | |
systemd_project | systemd | 213 | |
systemd_project | systemd | 214 | |
systemd_project | systemd | 229 | |
novell | suse_linux_enterprise_software_development_kit | 12.0 | |
novell | suse_linux_enterprise_desktop | 12 | |
novell | suse_linux_enterprise_server | 12.0 | |
novell | suse_linux_enterprise_server | 12.0 | |
novell | suse_linux_enterprise_server_for_sap | 12.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_hpc_node | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:209:*:*:*:*:*:*:*", matchCriteriaId: "D9C4D716-A579-4E00-BB40-225555EC1610", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:213:*:*:*:*:*:*:*", matchCriteriaId: "76487F68-8C55-4603-BEE3-B10DFF8C387C", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:214:*:*:*:*:*:*:*", matchCriteriaId: "8AC2D908-4E64-46E8-9C48-E1FD1B5017A3", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:229:*:*:*:*:*:*:*", matchCriteriaId: "60DD52ED-400F-4E9C-B9C3-907DE5ABCBC3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", matchCriteriaId: "BCEA3D62-99E0-48F9-A0CF-981BF28A509D", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:ltss:*:*:*", matchCriteriaId: "6AB85D92-66AE-4747-BE69-60479D178544", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", matchCriteriaId: "81D94366-47D6-445A-A811-39327B150FCD", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_server_for_sap:12.0:*:*:*:*:*:*:*", matchCriteriaId: "B1CAEB29-5FEF-4713-847F-0059E6BD843E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84489B-B08C-4854-8A12-D01B6E45CF79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.", }, { lang: "es", value: "La función manager_dispatch_notify_fd en systemd permite a usuarios locales provocar una denegación de servicio (colgado de sistema) a través de un mensaje de longitud cero recibido sobre una notificación de encaje, lo que provoca que se devuelva un error y que el controlador de notificación se desactive.", }, ], id: "CVE-2016-7796", lastModified: "2024-11-21T02:58:28.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-10-13T14:59:14.567", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2017-0003.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.securityfocus.com/bid/93250", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1037320", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1381911", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://rhn.redhat.com/errata/RHBA-2015-2092.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2017-0003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.securityfocus.com/bid/93250", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1381911", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://github.com/systemd/systemd/issues/4234#issuecomment-250441246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://rhn.redhat.com/errata/RHBA-2015-2092.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-03 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.debian.org/security/2013/dsa-2777 | Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/09/18/6 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1961-1 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1006680 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2777 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/09/18/6 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1961-1 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1006680 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
debian | debian_linux | 7.0 | |
canonical | ubuntu_linux | 13.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "0B4377F9-A528-4287-BFA0-F9CF478ED248", versionEndIncluding: "207", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", matchCriteriaId: "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.", }, { lang: "es", value: "systemd no utiliza adecuadamente D-Bus para la comunicación con una autoridad polkit, lo que permite a usuarios locales evadir restricciones de acceso intencionadas mediante el aprovechamiento de una condición de carrera PolkitUnixProcess PolkitSubject a través del (1) proceso setuid o (2) proceso pkexec, un problema relacionado con CVE-2013-4288.", }, ], id: "CVE-2013-4327", lastModified: "2024-11-21T01:55:21.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-03T21:55:04.443", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/09/18/6", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.ubuntu.com/usn/USN-1961-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1006680", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/09/18/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ubuntu.com/usn/USN-1961-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1006680", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-23 13:15
Modified
2024-11-22 12:15
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 25 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*", matchCriteriaId: "64D83463-13ED-430C-8C40-2237DF0E3643", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: false, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", }, { lang: "es", value: "Se encontró una vulnerabilidad en systemd-resolved. Este problema puede permitir que systemd-resolved acepte registros de dominios firmados por DNSSEC incluso cuando no tienen firma, lo que permite que los intermediarios (o el solucionador de DNS ascendente) manipulen los registros.", }, ], id: "CVE-2023-7008", lastModified: "2024-11-22T12:15:17.590", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-23T13:15:07.573", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:2463", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:3203", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-7008", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222261", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222672", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://github.com/systemd/systemd/issues/25676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:2463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:3203", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-7008", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222261", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/systemd/systemd/issues/25676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20241122-0004/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-300", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-10-13 14:59
Modified
2024-11-21 02:58
Severity ?
Summary
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 16.04 | |
systemd_project | systemd | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "F70C8521-2E57-48AD-A421-FB79054915D3", versionEndIncluding: "231", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.", }, { lang: "es", value: "La función manager_invoke_notify_message en systemd 231 y versiones anteriores permite a usuarios locales provocar una denegación de servicio (fallo de afirmación y colgado de PID 1) a través de un mensaje de longitud cero recibido sobre una notificación de encaje.", }, ], id: "CVE-2016-7795", lastModified: "2024-11-21T02:58:28.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-10-13T14:59:13.473", references: [ { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2610.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2694.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/09/28/9", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93223", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1037320", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3094-1", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/4234", }, { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2610.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2694.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/09/28/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/09/30/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3094-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/4234", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-09 15:15
Modified
2024-11-21 07:01
Severity ?
Summary
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c | Patch, Third Party Advisory | |
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20221111-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221111-0005/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 240 | |
netapp | active_iq_unified_manager | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:240:*:*:*:*:*:*:*", matchCriteriaId: "161BE658-86CC-4F76-8F55-7371B1CE551F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en systemd. Este problema ocurre debido a que las funciones on_stream_io() y dns_stream_complete() en \"resolved-dns-stream.c\" no incrementan el conteo de referencias para el objeto DnsStream. Por lo tanto, otras funciones y callbacks llamados pueden hacer referencia al objeto DNSStream, causando un uso de memoria previamente liberada cuando la referencia sigue usándose más tarde", }, ], id: "CVE-2022-2526", lastModified: "2024-11-21T07:01:11.383", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-09T15:15:10.107", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221111-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221111-0005/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-11 21:29
Modified
2024-11-21 03:53
Severity ?
Summary
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "64E7298B-055B-4A07-A1B8-7A9BDB020B39", versionEndIncluding: "240", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "404A4EE8-6572-4B35-8C6A-A3CB8F1308A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "17C9CFFB-0F3A-4E59-B6C9-9C8A20BB9B91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E11C65C3-1B17-4362-A99C-59583081A24D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.", }, { lang: "es", value: "Se ha descubierto una asignación de memoria sin límites que podría resultar en que la pila choque con otra región de memoria, en systemd-journald, cuando se envían muchas entradas al socket de journal. Un atacante local, o uno remoto si se emplea systemd-journal-remote, podría emplear este error para provocar el cierre inesperado de systemd-journald o ejecutar código con privilegios de journald. Son vulnerables las versiones hasta la v240.", }, ], id: "CVE-2018-16865", lastModified: "2024-11-21T03:53:28.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-11T21:29:00.257", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/21", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/05/10/4", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106525", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0204", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0271", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0342", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0361", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2402", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/25", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-07", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3855-1/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/05/10/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0271", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0342", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0361", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2402", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3855-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-23 23:15
Modified
2024-11-21 07:29
Severity ?
Summary
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
systemd_project | systemd | 252 | |
systemd_project | systemd | 252 | |
fedoraproject | fedora | 36 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "8AE4E7F2-A943-44CA-B44F-BDE0F8D09B53", versionEndIncluding: "251", versionStartIncluding: "250", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:252:rc1:*:*:*:*:*:*", matchCriteriaId: "55FF285C-8DFC-4A67-A426-1ADE349BEF8E", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:252:rc2:*:*:*:*:*:*", matchCriteriaId: "0E0E4355-1411-43F3-8DCE-700BE15FC71C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", }, { lang: "es", value: "systemd 250 y 251 permiten a los usuarios locales lograr un punto muerto en systemd-coredump al desencadenar un bloqueo que tiene un largo backtrace. Esto ocurre en parse_elf_object enshared/elf-util.c. La metodología de explotación consiste en bloquear un binario que llama a la misma función de forma recursiva y colocarlo en un directorio profundamente anidado para que su seguimiento sea lo suficientemente grande como para provocar el punto muerto. Esto se debe hacer 16 veces cuando se establece MaxConnections=16 para el archivo systemd/units/systemd-coredump.socket.", }, ], id: "CVE-2022-45873", lastModified: "2024-11-21T07:29:52.680", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-23T23:15:10.183", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-23 07:59
Modified
2024-11-21 02:43
Severity ?
Summary
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 228 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:228:*:*:*:*:*:*:*", matchCriteriaId: "15362470-BF82-4CDB-988A-E077251B8673", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.", }, { lang: "es", value: "Un fallo en systemd v228 en /src/basic/fs-util.c causó que los archivos suid de escritura universal se crearan cuando se usan las características de los temporizadores systemd, permitiendo a atacantes locales escalar sus privilegios a root. Esto se soluciona en v229.", }, ], id: "CVE-2016-10156", lastModified: "2024-11-21T02:43:26.087", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-23T07:59:00.347", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95790", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1037686", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1020601", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/41171/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037686", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1020601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/41171/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-11 20:29
Modified
2024-11-21 03:53
Severity ?
Summary
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "64E7298B-055B-4A07-A1B8-7A9BDB020B39", versionEndIncluding: "240", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*", matchCriteriaId: "DA4AB18C-40FC-4E48-830D-481A97B34256", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*", matchCriteriaId: "24D3235A-DB42-4868-90D9-712C3B3693AE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "404A4EE8-6572-4B35-8C6A-A3CB8F1308A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "17C9CFFB-0F3A-4E59-B6C9-9C8A20BB9B91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E11C65C3-1B17-4362-A99C-59583081A24D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.", }, { lang: "es", value: "Se ha descubierto una asignación de memoria sin límites, que podría resultar en que la pila choque con otra región de memoria, en systemd-journald, cuando un programa con argumentos largos de la línea de comandos llama a syslog. Un atacante local podría emplear este error para provocar el cierre inesperado de systemd-journald o escalar sus privilegios. Son vulnerables las versiones hasta la v240.", }, ], id: "CVE-2018-16864", lastModified: "2024-11-21T03:53:28.590", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-11T20:29:00.277", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106523", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0204", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0271", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0342", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0361", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2402", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-07", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3855-1/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106523", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0271", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0342", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0361", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2402", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190117-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3855-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4367", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.qualys.com/2019/01/09/system-down/system-down.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-02-16 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux_aus | 7.4 | |
redhat | enterprise_linux_aus | 7.6 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_eus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.5 | |
redhat | enterprise_linux_server_eus | 7.6 | |
redhat | enterprise_linux_server_tus | 7.4 | |
redhat | enterprise_linux_server_tus | 7.6 | |
redhat | enterprise_linux_workstation | 7.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "312BA577-A7D6-4A57-8A3E-E7BF5D2099BB", versionEndExcluding: "234", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "CB33390A-F51F-4451-8FEA-7FC31F1AA51C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "24E8D7FF-8269-4EDA-8DCB-7AF37673CD87", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5F7E11E-FB34-4467-8919-2B6BEAABF665", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.", }, { lang: "es", value: "En systemd en versiones anteriores a la 234, existe una condición de carrera entre las unidades .mount y .automount, de forma que las peticiones automount del kernel podrían no ser ofrecidas por systemd. Esto resulta en que el kernel retiene el mountpoint y cualquier proceso que intente emplear este mount se bloqueará. Una condición de carrera como esta podría conducir a una denegación de servicio (DoS) hasta que los puntos de montaje se desmonten.", }, ], id: "CVE-2018-1049", lastModified: "2024-11-21T03:59:04.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-16T21:29:00.377", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041520", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0260", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1534701", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3558-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0260", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1534701", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3558-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-03 16:15
Modified
2024-11-21 07:51
Severity ?
Summary
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "9BE23150-D350-4350-B3C4-624BC28DA751", versionEndExcluding: "247", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.", }, ], id: "CVE-2023-26604", lastModified: "2024-11-21T07:51:50.620", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-03T16:15:10.607", references: [ { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html", }, { source: "cve@mitre.org", url: "https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20230505-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230505-0009/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-31 17:15
Modified
2024-11-21 05:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
redhat | ceph_storage | 4.0 | |
redhat | discovery | - | |
redhat | migration_toolkit | 1.0 | |
redhat | openshift_container_platform | 4.0 | |
redhat | enterprise_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "20030C2B-7090-4057-BBE7-CFFEB5F6B6E8", versionEndIncluding: "244", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*", matchCriteriaId: "D6E54096-5D45-4CB2-AC9A-DDB55BF2B94C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*", matchCriteriaId: "B5B1D946-5978-4818-BF21-A43D9C1365E1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:migration_toolkit:1.0:*:*:*:*:*:*:*", matchCriteriaId: "7064499F-9063-4181-A26F-A3476C46CFE9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", }, { lang: "es", value: "Se detectó una vulnerabilidad uso de la memoria previamente liberada de la pila en systemd versiones anteriores a v245-rc1, donde se llevaron a cabo consultas de Polkit asincrónicas mientras se manejan mensajes dbus. Un atacante no privilegiado local puede abusar de este fallo para bloquear los servicios de systemd o potencialmente ejecutar código y elevar sus privilegios, mediante el envío de mensajes dbus especialmente diseñados.", }, ], id: "CVE-2020-1712", lastModified: "2024-11-21T05:11:13.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-31T17:15:26.577", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/02/05/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/02/05/1", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-28 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/10/01/9 | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=859060 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/10/01/9 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=859060 | Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "29DE4BC8-5B26-4F23-A122-FBBC05D94CFF", versionEndExcluding: "239", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", }, { lang: "es", value: "systemd, cuando actualiza los permisos de los archivos, permite a usuarios locales cambiar los permisos y el contextos de seguridad de SELinux para los archivos de su elección a través de un ataque de enlaces simbólicos en los ficheros especificados.", }, ], id: "CVE-2013-4392", lastModified: "2024-11-21T01:55:28.797", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-28T22:55:03.773", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859060", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-23 20:15
Modified
2024-11-21 06:23
Severity ?
Summary
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "0D5DB179-3322-4645-BF16-007AE6A8378D", versionEndExcluding: "250.2", versionStartIncluding: "240", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", }, { lang: "es", value: "Se ha encontrado un fallo en systemd. Una recursión no controlada en systemd-tmpfiles puede conllevar a una denegación de servicio en el momento del arranque cuando son creados demasiados directorios anidados en /tmp.", }, ], id: "CVE-2021-3997", lastModified: "2024-11-21T06:23:20.623", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-23T20:15:08.670", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-3997", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024639", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/202305-15", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/01/10/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-3997", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024639", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/01/10/2", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-02-13 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
opensuse | leap | 42.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "A9E06B96-2CF1-470F-991C-E9D466D7A58E", versionEndIncluding: "237", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", }, { lang: "es", value: "systemd-tmpfiles en systemd, hasta 237, gestiona de manera incorrecta los vínculos simbólicos presentes en componentes de ruta no terminales. Esto permite que usuarios locales se hagan dueños de archivos arbitrarios mediante vectores relacionados con la creación de un directorio y un archivo bajo ese directorio para, posteriormente, reemplazarlo por un vínculo simbólico. Esto ocurre incluso aunque el sysctl fs.protected_symlinks esté activado.", }, ], id: "CVE-2018-6954", lastModified: "2024-11-21T04:11:28.693", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-13T20:29:00.547", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/7986", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3816-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3816-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/7986", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3816-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3816-2/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-08 22:15
Modified
2024-11-21 07:20
Severity ?
Summary
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
fedoraproject | fedora | 35 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "52303FA5-37AB-4D24-8121-64BBF929D93B", versionEndIncluding: "251", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", }, { lang: "es", value: "Se descubrió un problema de error de uno en uno en Systemd en la función format_timespan() de time-util.c. Un atacante podría proporcionar valores específicos de tiempo y precisión que provoquen una saturación del búfer en format_timespan(), lo que provocará una Denegación de Servicio (DoS).", }, ], id: "CVE-2022-3821", lastModified: "2024-11-21T07:20:18.240", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-08T22:15:16.700", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/23928", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/23933", }, { source: "secalert@redhat.com", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/202305-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/23928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/23933", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-15", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-193", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-20 19:15
Modified
2024-11-21 06:09
Severity ?
Summary
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
systemd_project | systemd | * | |
systemd_project | systemd | * | |
systemd_project | systemd | * | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
debian | debian_linux | 10.0 | |
netapp | hci_management_node | - | |
netapp | solidfire | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA89DC5-B340-4ADD-ABEF-81128C99847E", versionEndExcluding: "246.15", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "77D58076-C816-4A9B-8BBF-46C756E02C74", versionEndExcluding: "247.8", versionStartIncluding: "247", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "0FD17152-7791-4FFB-8F38-126207D3D6D0", versionEndExcluding: "248.5", versionStartIncluding: "248", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "6F785921-64F2-4975-82D8-65C373F934C9", versionEndExcluding: "249.1", versionStartIncluding: "249", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.", }, { lang: "es", value: "basic/unit-name.c en systemd anterior a las versiones 246.15, 247.8, 248.5 y 249.1 tiene una asignación de memoria con un valor de tamaño excesivo (que involucra a strdupa y alloca para un nombre de ruta controlado por un atacante local) que resulta en una caída del sistema operativo", }, ], id: "CVE-2021-33910", lastModified: "2024-11-21T06:09:45.593", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-20T19:15:09.783", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { source: "cve@mitre.org", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-48", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211104-0008/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4942", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/07/20/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-48", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211104-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/07/20/2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-26 14:29
Modified
2024-11-21 03:51
Severity ?
Summary
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_eus | 7.6 | |
redhat | enterprise_linux_server_tus | 7.6 | |
redhat | enterprise_linux_workstation | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "6091DEBE-CF1A-4BD9-9ECC-50715D8241E2", versionEndIncluding: "239", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento de búfer en el cliente dhcp6 de systemd permite que un servidor dhcp6 malicioso sobrescriba memoria dinámica (heap) en systemd-networkd. Las versiones afectadas de systemd son todas hasta la 239 incluida.", }, ], id: "CVE-2018-15688", lastModified: "2024-11-21T03:51:16.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security@ubuntu.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-26T14:29:00.897", references: [ { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105745", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3665", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { source: "security@ubuntu.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/10518", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-10", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3806-1/", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3807-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105745", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3665", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/10518", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3806-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3807-1/", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-04 12:15
Modified
2024-11-21 04:29
Severity ?
Summary
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:240:*:*:*:*:*:*:*", matchCriteriaId: "161BE658-86CC-4F76-8F55-7371B1CE551F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", matchCriteriaId: "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_8_s390x:*:*:*:*:*:*:*:*", matchCriteriaId: "6153039A-2F6A-42A8-8E28-B03880573417", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "280D547B-F204-4848-9262-A103176B740C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "0AB105EC-19F9-424A-86F1-305A6FD74A9C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.1:*:*:*:*:*:*:*", matchCriteriaId: "F7E844B1-838D-435B-90E4-ED537EE0674C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.2:*:*:*:*:*:*:*", matchCriteriaId: "725566B6-4319-489E-9A69-9E36ED2950DF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "8EB6F417-25D0-4A28-B7BA-D21929EAA9E9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "983533DD-3970-4A37-9A9C-582BD48AA1E5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "48C2E003-A71C-4D06-B8B3-F93160568182", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3921C1CF-A16D-4727-99AD-03EFFA7C91CA", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "BC6DD887-9744-43EA-8B3C-44C6B6339590", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", }, { lang: "es", value: "En systemd versión 240, la función bus_open_system_watch_bind_with_description en el archivo shared/bus-util.c (como es usado en systemd-resolve para conectarse a la instancia del sistema D-Bus), llama a sd_bus_set_trusted, lo que deshabilita los controles de acceso para los mensajes entrantes de D-Bus. Un usuario no privilegiado puede explotar esto mediante la ejecución de métodos D-Bus que deberían estar restringidos para usuarios con privilegios, para cambiar la configuración de la resolución DNS.", }, ], id: "CVE-2019-15718", lastModified: "2024-11-21T04:29:19.297", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-04T12:15:11.170", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/09/03/1", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3592", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3941", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/09/03/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3592", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3941", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1746057", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-28 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
debian | debian_linux | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "5357AFE5-8FD0-4691-83D8-562F1B8AB02E", versionEndExcluding: "194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving \"special and control characters.\"", }, { lang: "es", value: "La función SetX11Keyboard en systemd , cuando PolicyKit Local Authority (PKLA) es usada para cambiar el grupo de permisos en la descripción de los X Keyboard Extension (XKB) layouts, permite a usuarios locales en el grupo mnodificar el fichero de configuracion del servidor XOrg X11 y posiblemente ganar privilegios a traves de de vectores que involucran caracteres especiales y de control", }, ], id: "CVE-2013-4394", lastModified: "2024-11-21T01:55:29.007", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:H/Au:N/C:C/I:C/A:P", version: "2.0", }, exploitabilityScore: 1.9, impactScore: 9.5, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-28T22:55:03.850", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=862324", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=862324", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-34", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-26 14:29
Modified
2024-11-21 03:15
Severity ?
Summary
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 223 | |
systemd_project | systemd | 224 | |
systemd_project | systemd | 225 | |
systemd_project | systemd | 226 | |
systemd_project | systemd | 227 | |
systemd_project | systemd | 228 | |
systemd_project | systemd | 229 | |
systemd_project | systemd | 230 | |
systemd_project | systemd | 231 | |
systemd_project | systemd | 232 | |
systemd_project | systemd | 233 | |
systemd_project | systemd | 234 | |
systemd_project | systemd | 235 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:223:*:*:*:*:*:*:*", matchCriteriaId: "299693FA-4A78-4FBC-8F1B-4057D33048DE", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:224:*:*:*:*:*:*:*", matchCriteriaId: "BF2B3298-9E3C-4065-90B2-C286DF9B19C8", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:225:*:*:*:*:*:*:*", matchCriteriaId: "FD47B5C2-9331-41A5-BC6D-7E9CDD4F78FC", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:226:*:*:*:*:*:*:*", matchCriteriaId: "E20F0DE8-891A-46E7-A5B5-0227E1AA5C20", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:227:*:*:*:*:*:*:*", matchCriteriaId: "272F36CE-50AF-4E57-9D9C-082D72EF26FD", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:228:*:*:*:*:*:*:*", matchCriteriaId: "15362470-BF82-4CDB-988A-E077251B8673", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:229:*:*:*:*:*:*:*", matchCriteriaId: "60DD52ED-400F-4E9C-B9C3-907DE5ABCBC3", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:230:*:*:*:*:*:*:*", matchCriteriaId: "647F0C03-CD32-4E38-9F9B-5567620A0019", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:231:*:*:*:*:*:*:*", matchCriteriaId: "4247C36B-6791-48FA-80E9-C2180EDE0FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:232:*:*:*:*:*:*:*", matchCriteriaId: "CD161270-1B4E-4B42-938F-8105291FA0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:233:*:*:*:*:*:*:*", matchCriteriaId: "D906C008-68C8-4B10-8EF0-72D2289144A2", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:234:*:*:*:*:*:*:*", matchCriteriaId: "E75AE9AA-3786-49E2-AF6A-1ED56BC86BEC", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:235:*:*:*:*:*:*:*", matchCriteriaId: "2B87290B-5011-450A-8E1F-53DE2853E661", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.", }, { lang: "es", value: "En systemd 223 hasta 235, un servidor DNS remoto puede responder con un registro de recurso DNS NSEC manipulado de forma personalizada para desencadenar un bucle infinito en la función dns_packet_read_type_window() del servicio \"systemd-resolved\" y provocar una denegación de servicio en el servicio afectado.", }, ], id: "CVE-2017-15908", lastModified: "2024-11-21T03:15:26.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-26T14:29:00.207", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/101600", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039662", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/7184", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://usn.ubuntu.com/3558-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/101600", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/pull/7184", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://usn.ubuntu.com/3558-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:46
Severity ?
Summary
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:239:*:*:*:*:*:*:*", matchCriteriaId: "6867987C-E8AF-4CBB-92A4-4F1D85976482", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", matchCriteriaId: "83077160-BB98-408B-81F0-8EF9E566BF28", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "D0C69E57-48DE-467F-8ADD-B4601CE1611E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "6C34DD8A-17C5-489C-9140-447784F27607", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "8254A580-9C03-4DEE-9EC3-9FA328247AAD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "280D547B-F204-4848-9262-A103176B740C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "0AB105EC-19F9-424A-86F1-305A6FD74A9C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "277E06A0-90F5-4F97-94EA-5A18E242B800", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "DF307B8C-4548-47D9-9D2E-F61AE0BFAADD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "6617354C-ACF6-447F-A1A7-D69E43CF5A7E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "8EB6F417-25D0-4A28-B7BA-D21929EAA9E9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "983533DD-3970-4A37-9A9C-582BD48AA1E5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*", matchCriteriaId: "36312FC8-1252-4E9C-9364-4F2FAAAAD0F4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", matchCriteriaId: "C81C5D4E-3CAD-43CE-82BC-B0619CA3A74A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", matchCriteriaId: "4D7B1FA1-2A13-414C-B76B-91113336E9CE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5F7E11E-FB34-4467-8919-2B6BEAABF665", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*", matchCriteriaId: "AA5F8426-5EEB-4013-BE49-8E705DA140B9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", matchCriteriaId: "8C7E9628-0915-4C49-8929-F5E060A20CBB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", matchCriteriaId: "ADD254BD-1F70-476C-BE15-7945DED7963B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "48C2E003-A71C-4D06-B8B3-F93160568182", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3921C1CF-A16D-4727-99AD-03EFFA7C91CA", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E0BD6333-F674-4A2D-9E63-6177FC0F85FA", versionEndExcluding: "7.7.2.21", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "43FAD524-3E83-482B-8F74-6014BC52F46B", versionEndExcluding: "7.8.2.8", versionStartIncluding: "7.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "9D943214-14D8-47BC-BCF4-76B78EE95028", versionEndExcluding: "8.1.1", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).", }, { lang: "es", value: "Se ha descubierto un problema en sd-bus en systemd 239. bus_process_object() en libsystemd/sd-bus/bus-objects.c asigna un búfer de pila de longitud variable para almacenar temporalmente la ruta de objeto de los mensajes D-Bus entrantes. Un usuario local sin privilegios puede explotar esto enviando un mensaje especialmente manipulado a PID1, provocando que el puntero de la pila salte por las páginas guard de la pila hasta una región de memoria no mapeada y desencadene una denegación de servicio (cierre inesperado del PID1 en systemd y pánico del kernel).", }, ], id: "CVE-2019-6454", lastModified: "2024-11-21T04:46:28.867", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-21T16:01:08.203", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/02/18/3", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/02/19/1", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107081", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0368", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0990", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1322", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1502", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2805", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10278", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190327-0004/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3891-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4393", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/02/18/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/02/19/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/07/20/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0368", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0990", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1502", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2805", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10278", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190327-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3891-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4393", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-28 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
debian | debian_linux | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "1FF388AD-F9B1-4349-A9D7-27B5867B7B87", versionEndExcluding: "190", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.", }, { lang: "es", value: "Desbordamiento de enteros en la función valid_user_field de journal/journald-native.c en systemd permite a atacantes remotos ocasionar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de un gran campo de datos, que provoca un desbordamiento de buffer basado en heap.", }, ], id: "CVE-2013-4391", lastModified: "2024-11-21T01:55:28.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-28T22:55:03.740", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859051", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2013/dsa-2777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/10/01/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=859051", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-34", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-11 15:15
Modified
2024-11-21 07:35
Severity ?
Summary
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c | Exploit, Patch, Third Party Advisory | |
secalert@redhat.com | https://www.openwall.com/lists/oss-security/2022/12/21/3 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230216-0010/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2022/12/21/3 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "7B98D853-84AB-4D2C-99A3-C7ED5FD44B2C", versionEndExcluding: "253", versionStartIncluding: "246", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", }, { lang: "es", value: "Se encontró una vulnerabilidad en systemd. Esta falla de seguridad puede causar una fuga de información local debido a que systemd-coredump no respeta la configuración del kernel fs.suid_dumpable.", }, ], id: "CVE-2022-4415", lastModified: "2024-11-21T07:35:13.597", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-11T15:15:09.590", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/12/21/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230216-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/12/21/3", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-29 05:29
Modified
2024-11-21 03:19
Severity ?
Summary
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
debian | debian_linux | 8.0 | |
opensuse | leap | 42.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "8FFE2618-BA1B-4FAB-8449-83CAAFCDCFAA", versionEndExcluding: "237", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", }, { lang: "es", value: "systemd-tmpfiles en systemd en versiones anteriores a la 237 intenta soportar cambios de propiedad/permisos en archivos con vínculos permanentes incluso aunque el sysctl fs.protected_hardlinks esté apagado. Esto permite que usuarios locales omitan las restricciones de acceso planeadas mediante vectores relacionados con un enlace permanente a un archivo para el que el usuario no tiene acceso de escritura, tal y como demuestra el cambio de propiedad del archivo /etc/passwd.", }, ], id: "CVE-2017-18078", lastModified: "2024-11-21T03:19:18.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-29T05:29:00.213", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2018/01/29/3", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/7736", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43935/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/01/29/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2018/01/29/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/7736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43935/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2018/01/29/4", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-26 21:29
Modified
2024-11-21 04:42
Severity ?
Summary
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
netapp | hci_management_node | - | |
netapp | snapprotect | - | |
netapp | solidfire | - | |
netapp | cn1610_firmware | - | |
netapp | cn1610 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "BACFBEC4-DBBC-4645-9A00-7B4E573F7DF3", versionEndExcluding: "242", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", matchCriteriaId: "F74F467A-0C81-40D9-BA06-40FB8EF02C04", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB30733E-68FC-49C4-86C0-7FEE75C366BF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", matchCriteriaId: "6361DAC6-600F-4B15-8797-D67F298F46FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", }, { lang: "es", value: "Se ha descubierto una vulnerabilidad en el servicio systemd que utilice la propiedad DynamicUser pudiendo obtener nuevos privilegios a través de la ejecución de binarios SUID, los cuales podrían permitir crear binarios pertenecientes al servicio transient group con el bit setgid, Un atacante local podría utilizar este fallo para acceder a recursos que pertenezcan a otro servicio futuro cuando el GID fuese reciclado.", }, ], id: "CVE-2019-3844", lastModified: "2024-11-21T04:42:41.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1, impactScore: 3.4, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-26T21:29:00.423", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108096", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4269-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190619-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4269-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-268", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-13 17:15
Modified
2025-01-03 20:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/kastel-security/Journald | Third Party Advisory | |
cve@mitre.org | https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf | Technical Description | |
cve@mitre.org | https://github.com/systemd/systemd/releases | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kastel-security/Journald | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf | Technical Description | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/systemd/systemd/releases | Release Notes |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 253 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:253:-:*:*:*:*:*:*", matchCriteriaId: "733DE777-9802-4CB6-8B03-6B6295BCE29D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", }, ], id: "CVE-2023-31437", lastModified: "2025-01-03T20:15:26.457", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-13T17:15:14.657", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/kastel-security/Journald", }, { source: "cve@mitre.org", tags: [ "Technical Description", ], url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/systemd/systemd/releases", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/kastel-security/Journald", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/systemd/systemd/releases", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-354", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-354", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-10 16:15
Modified
2024-11-21 05:01
Severity ?
Summary
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 245 | |
fedoraproject | fedora | 33 | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_backup | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:245:-:*:*:*:*:*:*", matchCriteriaId: "1E07E1BF-F8B6-4BA0-9DEE-6619C666CB94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", matchCriteriaId: "E8F29E19-3A64-4426-A2AA-F169440267CC", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", }, { lang: "es", value: "Se presenta una vulnerabilidad de denegación de servicio explotable en Systemd 245. Un paquete DHCP FORCERENEW especialmente diseñado puede hacer que un servidor que ejecuta el cliente DHCP sea vulnerable a un ataque de suplantación de DHCP ACK. Un atacante puede falsificar un par de paquetes FORCERENEW y DCHP ACK para reconfigurar el servidor", }, ], id: "CVE-2020-13529", lastModified: "2024-11-21T05:01:26.123", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 4, source: "talos-cna@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-10T16:15:07.373", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { source: "talos-cna@cisco.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { source: "talos-cna@cisco.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-48", }, { source: "talos-cna@cisco.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210625-0005/", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/08/04/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/08/17/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/09/07/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-48", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210625-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-290", }, ], source: "talos-cna@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-290", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-17 04:29
Modified
2024-11-21 04:02
Severity ?
Summary
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 242 | |
netapp | cn1610_firmware | - | |
netapp | cn1610 | - | |
netapp | snapprotect | - | |
netapp | solidfire_\&_hci_management_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:242:-:*:*:*:*:*:*", matchCriteriaId: "A00408E2-96BE-44A7-A389-90C6F6DE8157", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB30733E-68FC-49C4-86C0-7FEE75C366BF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", matchCriteriaId: "6361DAC6-600F-4B15-8797-D67F298F46FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", matchCriteriaId: "F74F467A-0C81-40D9-BA06-40FB8EF02C04", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", }, { lang: "es", value: "El systemd 242 cambia el VT1 mode al terminar la sesión, esto permite a los atacantes leer contraseñas de texto simple en algunas circunstancias, tales como ver un apagado o usar Ctrl-Alt-F1 y Ctrl-Alt-F2. Esto ocurre porque la comprobación KDGKBMODE (también conocido como modo de teclado actual) es manejada incorrectamente.", }, ], id: "CVE-2018-20839", lastModified: "2024-11-21T04:02:17.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-17T04:29:00.933", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108389", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/systemd/systemd/pull/12378", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/systemd/systemd/pull/12378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0002/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-21 06:15
Modified
2024-11-21 04:38
Severity ?
Summary
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
fedoraproject | fedora | 30 | |
opensuse | leap | 15.1 | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_backup | - | |
netapp | steelstore_cloud_integrated_storage | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "DC6B51EF-3387-492E-80C6-5C08DB04F146", versionEndExcluding: "243", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.", }, { lang: "es", value: "Se detectó un problema en la función button_open en el archivo login/logind-button.c en systemd versiones anteriores a 243. Cuando se ejecuta el comando de activación udevadm, puede presentarse una pérdida de memoria.", }, ], id: "CVE-2019-20386", lastModified: "2024-11-21T04:38:21.573", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-21T06:15:11.827", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200210-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4269-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200210-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4269-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-09 21:29
Modified
2024-11-21 04:42
Severity ?
Summary
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
systemd_project | systemd | 242 | |
systemd_project | systemd | 242 | |
systemd_project | systemd | 242 | |
redhat | enterprise_linux | 7.0 | |
fedoraproject | fedora | 30 | |
debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "02E0A07B-34D3-403B-A503-CB11C9203FE9", versionEndIncluding: "241", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:242:rc1:*:*:*:*:*:*", matchCriteriaId: "3E2ACFB1-6787-47D0-B7F3-CF4F129732A2", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:242:rc2:*:*:*:*:*:*", matchCriteriaId: "22EB9C1F-9101-4AD5-80FD-CB5EA224A13F", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:242:rc3:*:*:*:*:*:*", matchCriteriaId: "9A203307-2242-475A-8ADF-3A1D112655D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", }, { lang: "es", value: "En systemd anterior de la versión v242-rc4, fue encontrado que pam_systemd no sanea apropiadamente el entorno anterior usando la variable XDG_SEAT. Es posible que un atacante, en ciertas configuraciones particulares, establezca una variable de entorno XDG_SEAT que permita comprobar los comandos contra las políticas polkit utilizando el elemento \"allow_active\" en lugar de \"allow_any\".", }, ], id: "CVE-2019-3842", lastModified: "2024-11-21T04:42:40.903", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1, impactScore: 3.4, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-09T21:29:03.443", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46743/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46743/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-11 15:15
Modified
2024-11-21 01:36
Severity ?
Summary
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 37 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:37:*:*:*:*:*:*:*", matchCriteriaId: "64AF20A2-97C5-439B-A7D8-D6FE5A20B32E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).", }, { lang: "es", value: "systemd versión 37-1, no maneja apropiadamente servicios no existentes, lo que causa una denegación de servicio (fallo del procedimiento de inicio de sesión).", }, ], id: "CVE-2012-1101", lastModified: "2024-11-21T01:36:25.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-11T15:15:16.263", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2012/03/05/4", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2012/03/05/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-03 03:15
Modified
2024-11-21 05:01
Severity ?
Summary
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
netapp | active_iq_unified_manager | - | |
netapp | solidfire_\&_hci_management_node | - | |
fedoraproject | fedora | 32 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "10761C00-6450-4377-8DFC-16AE46BE54BB", versionEndIncluding: "245", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.", }, { lang: "es", value: "systemd versiones hasta v245 maneja inapropiadamente los nombres de usuario numéricos, tales como los compuestos por dígitos decimales o 0x seguidos de dígitos hexadecimales, como es demostrado por el uso de privilegios root cuando era previsto privilegios de la cuenta de usuario 0x0. NOTA: este problema se presenta debido a una corrección incompleta para CVE-2017-1000082.", }, ], id: "CVE-2020-13776", lastModified: "2024-11-21T05:01:50.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:H/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 1.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T03:15:10.677", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/15985", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200611-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/15985", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200611-0003/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-04-18 14:55
Modified
2024-11-21 01:35
Severity ?
Summary
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "D0F8B5B7-699C-4FEB-BD06-096D221839A9", versionEndIncluding: "037", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:1:*:*:*:*:*:*:*", matchCriteriaId: "F94D3F3F-896A-462A-A08E-9E96758C7044", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:2:*:*:*:*:*:*:*", matchCriteriaId: "CC8D95CE-2009-4554-9940-00D9C3558323", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:3:*:*:*:*:*:*:*", matchCriteriaId: "D69D4F3E-C996-4613-933D-CCD60E275F41", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:4:*:*:*:*:*:*:*", matchCriteriaId: "FD1E624C-A4BA-48F9-833B-268BCF4CF9C0", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:5:*:*:*:*:*:*:*", matchCriteriaId: "7C465DE7-15B8-41A1-82A1-FCFC7BC3BAFF", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:6:*:*:*:*:*:*:*", matchCriteriaId: "40BB0049-1585-419A-96B6-18AE7DFB2481", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:7:*:*:*:*:*:*:*", matchCriteriaId: "62854970-1CB8-490C-93D9-73BBA790E972", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:8:*:*:*:*:*:*:*", matchCriteriaId: "0306A23C-8A10-4486-B903-7A45B57C7449", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:9:*:*:*:*:*:*:*", matchCriteriaId: "4FE1A3BA-B695-436F-906A-4BC3AF73F1CE", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:10:*:*:*:*:*:*:*", matchCriteriaId: "EA57D859-BC9C-4D6B-A6DA-72EC50C6B8B2", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:11:*:*:*:*:*:*:*", matchCriteriaId: "E28AE943-31FE-44E2-B605-E2F0CA0864F6", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:12:*:*:*:*:*:*:*", matchCriteriaId: "4DE37C52-32FD-4847-A2CB-5B886945D99A", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:13:*:*:*:*:*:*:*", matchCriteriaId: "F3FAFD13-1E57-4F25-BD74-A0848C9C8C6B", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:14:*:*:*:*:*:*:*", matchCriteriaId: "FE28D3B0-5386-4C19-9EE5-D0900CF17F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:15:*:*:*:*:*:*:*", matchCriteriaId: "831DE806-EBAA-4B9A-8A6C-DA97562ECEA6", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:16:*:*:*:*:*:*:*", matchCriteriaId: "9F93B2D0-5D73-4F91-BEA5-9B78FC9275AA", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:17:*:*:*:*:*:*:*", matchCriteriaId: "F84734C1-2F2B-4DAA-97F1-A4FD8351912E", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:18:*:*:*:*:*:*:*", matchCriteriaId: "9896DD5A-165F-42F6-B3E1-170972E95870", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:19:*:*:*:*:*:*:*", matchCriteriaId: "66F321BA-39FF-4ECE-A834-E703F1E506B7", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:20:*:*:*:*:*:*:*", matchCriteriaId: "F1586F77-1E4A-449C-9B5A-ACC53A0EFB53", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:21:*:*:*:*:*:*:*", matchCriteriaId: "3890D45B-3EF1-4640-9178-0BE44AF6A351", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:22:*:*:*:*:*:*:*", matchCriteriaId: "4B8DA70D-3A30-4284-BDE5-173034217292", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:23:*:*:*:*:*:*:*", matchCriteriaId: "421D9E8B-78EC-40A1-B9FF-A97A02C62516", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:24:*:*:*:*:*:*:*", matchCriteriaId: "73F57756-778D-4EB0-B0E5-B8B5D92705F6", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:*", matchCriteriaId: "64D83463-13ED-430C-8C40-2237DF0E3643", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:26:*:*:*:*:*:*:*", matchCriteriaId: "79AF61C4-416D-451A-AACC-16F58341583F", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:27:*:*:*:*:*:*:*", matchCriteriaId: "EC4E6FD6-1682-45D8-ABE1-AF3246ED19F7", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:28:*:*:*:*:*:*:*", matchCriteriaId: "2F122D3A-BA34-47C7-88D6-E6D95336B9C4", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:29:*:*:*:*:*:*:*", matchCriteriaId: "19083D70-7A2E-4064-9145-1B446732BEC9", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:30:*:*:*:*:*:*:*", matchCriteriaId: "187847B5-8B9C-43F2-A473-53618ADE5B46", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:31:*:*:*:*:*:*:*", matchCriteriaId: "08D20503-7386-4883-9BE6-6393783E5E61", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:32:*:*:*:*:*:*:*", matchCriteriaId: "023D79B4-A812-453E-B255-92787C3D2F24", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:33:*:*:*:*:*:*:*", matchCriteriaId: "BE7541DE-707D-4D9A-943E-F664B4A8E269", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:34:*:*:*:*:*:*:*", matchCriteriaId: "ADB3E996-91FD-43F5-BE5D-860F4BE3E79B", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:35:*:*:*:*:*:*:*", matchCriteriaId: "57EC044B-6556-4CE2-B3DB-C03D9D9983CB", vulnerable: true, }, { criteria: "cpe:2.3:a:systemd_project:systemd:36:*:*:*:*:*:*:*", matchCriteriaId: "D59DCAD7-7C82-41A2-89BA-4F05BEC08106", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", matchCriteriaId: "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.", }, { lang: "es", value: "La función session_link_x11_socket en login/logind-session.c en systemd-logind en systemd, posiblemente 37 y anteriores, permite a usuarios locales crear o sobrescribir archivos arbitrarios a través de un ataque symlink sobre el directorio de usuario X11 en /run/user/.", }, ], id: "CVE-2012-0871", lastModified: "2024-11-21T01:35:52.960", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.3, confidentialityImpact: "NONE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:N/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 9.2, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-04-18T14:55:25.227", references: [ { source: "secalert@redhat.com", url: "http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/79768", }, { source: "secalert@redhat.com", url: "https://bugzilla.novell.com/show_bug.cgi?id=747154", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=795853", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/79768", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.novell.com/show_bug.cgi?id=747154", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=795853", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-25 21:29
Modified
2024-11-21 02:36
Severity ?
Summary
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1284642 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://github.com/keszybz/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888 | Patch, Third Party Advisory | |
secalert@redhat.com | https://github.com/systemd/systemd/issues/2002 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1284642 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/keszybz/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/systemd/systemd/issues/2002 | Exploit, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 223 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:223:*:*:*:*:*:*:*", matchCriteriaId: "299693FA-4A78-4FBC-8F1B-4057D33048DE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.", }, { lang: "es", value: "Existe un desbordamiento de búfer basado en pila en las funciones getpwnam y getgrnam del módulo NSS nss-mymachines en systemd.", }, ], id: "CVE-2015-7510", lastModified: "2024-11-21T02:36:54.210", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-25T21:29:00.727", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1284642", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/keszybz/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/2002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1284642", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/keszybz/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/2002", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-14 22:29
Modified
2024-11-21 03:53
Severity ?
Summary
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
redhat | enterprise_linux | 7.0 | |
netapp | active_iq_performance_analytics_services | - | |
netapp | element_software | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "8FFE2618-BA1B-4FAB-8449-83CAAFCDCFAA", versionEndExcluding: "237", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", matchCriteriaId: "83077160-BB98-408B-81F0-8EF9E566BF28", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", }, { lang: "es", value: "Se ha descubierto que systemd no comprueba correctamente el contenido de archivos PIDFile antes de emplearlo para terminar procesos. Cuando un servicio se ejecuta desde un usuario sin privilegios (p.ej. un campo de usuario establecido en el archivo de servicio) un atacante local capaz de escribir en el archivo PIDFile del servicio mencionado podría aprovechar este fallo para engañar a systemd para que termine otros servicios y/o procesos privilegiados. Las versiones anteriores a la v237 son vulnerables.", }, ], id: "CVE-2018-16888", lastModified: "2024-11-21T03:53:32.423", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-14T22:29:00.233", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190307-0007/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4269-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2091", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190307-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4269-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-250", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-07 17:29
Modified
2024-11-21 03:04
Severity ?
Summary
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/07/02/1 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/99507 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1038839 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/systemd/systemd/issues/6237 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/07/02/1 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99507 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038839 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/systemd/systemd/issues/6237 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", matchCriteriaId: "4EA3AF57-73E4-44F8-88EF-574BD0A10EE5", versionEndExcluding: "234", versionStartIncluding: "229", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.", }, { lang: "es", value: "systemd versión v233 y anteriores, no pueden analizar de forma segura los nombres de usuario que comienzan con un dígito numérico (por ejemplo, \"\"0day\"\"), ejecutando el servicio en cuestión con privilegios root en lugar de lo que el usuario desea.", }, ], id: "CVE-2017-1000082", lastModified: "2024-11-21T03:04:06.873", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-07T17:29:00.277", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/07/02/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99507", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038839", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/6237", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/07/02/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99507", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/systemd/systemd/issues/6237", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-13 17:15
Modified
2024-11-21 08:01
Severity ?
Summary
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | 253 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:systemd_project:systemd:253:-:*:*:*:*:*:*", matchCriteriaId: "733DE777-9802-4CB6-8B03-6B6295BCE29D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", }, ], id: "CVE-2023-31439", lastModified: "2024-11-21T08:01:52.097", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-13T17:15:14.753", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/kastel-security/Journald", }, { source: "cve@mitre.org", tags: [ "Technical Description", ], url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { source: "cve@mitre.org", url: "https://github.com/systemd/systemd/pull/28885", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/systemd/systemd/releases", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/kastel-security/Journald", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/systemd/systemd/pull/28885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/systemd/systemd/releases", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-354", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }