{"containers": {"cna": {"affected": [{"product": "systemd", "vendor": "systemd", "versions": [{"lessThanOrEqual": "239", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jann Horn"}], "datePublic": "2018-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "fgets() can be confused by overly-long input strings. The first read will return a partial string and subsequent reads will begin as if it were a new line.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T22:53:12", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "GLSA-201810-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201810-10"}, {"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"}, {"name": "105747", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105747"}, {"name": "45714", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/45714/"}, {"name": "USN-3816-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3816-1/"}, {"name": "RHSA-2019:2091", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2091"}, {"name": "RHSA-2019:3222", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3222"}, {"name": "RHSA-2020:0593", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0593"}, {"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/systemd/systemd/pull/10519"}], "source": {"defect": ["https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402"], "discovery": "EXTERNAL"}, "title": "systemd: reexec state injection: fgets() on overlong lines leads to line splitting", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2018-10-25T00:00:00.000Z", "ID": "CVE-2018-15686", "STATE": "PUBLIC", "TITLE": "systemd: reexec state injection: fgets() on overlong lines leads to line splitting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "systemd", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "239"}]}}]}, "vendor_name": "systemd"}]}}, "credit": [{"lang": "eng", "value": "Jann Horn"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "fgets() can be confused by overly-long input strings. The first read will return a partial string and subsequent reads will begin as if it were a new line."}]}]}, "references": {"reference_data": [{"name": "GLSA-201810-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-10"}, {"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"}, {"name": "105747", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105747"}, {"name": "45714", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45714/"}, {"name": "USN-3816-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3816-1/"}, {"name": "RHSA-2019:2091", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2091"}, {"name": "RHSA-2019:3222", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3222"}, {"name": "RHSA-2020:0593", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0593"}, {"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "https://github.com/systemd/systemd/pull/10519", "refsource": "MISC", "url": "https://github.com/systemd/systemd/pull/10519"}]}, "source": {"defect": ["https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:01:54.314Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201810-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201810-10"}, {"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"}, {"name": "105747", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105747"}, {"name": "45714", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45714/"}, {"name": "USN-3816-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3816-1/"}, {"name": "RHSA-2019:2091", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2091"}, {"name": "RHSA-2019:3222", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3222"}, {"name": "RHSA-2020:0593", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0593"}, {"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/systemd/systemd/pull/10519"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2018-15686", "datePublished": "2018-10-26T14:00:00Z", "dateReserved": "2018-08-22T00:00:00", "dateUpdated": "2024-09-16T23:35:50.701Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "6091DEBE-CF1A-4BD9-9ECC-50715D8241E2", "versionEndIncluding": "239", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E47FBC8E-1C21-4448-8C59-4D48F08B151B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239."}, {"lang": "es", "value": "Una vulnerabilidad en unit_deserialize de systemd permite que un atacante proporcione estados arbitrarios en la reejecuci\u00f3n de systemd mediante NotifyAccess. Esto puede emplearse para influenciar incorrectamente la ejecuci\u00f3n de systemd y podr\u00eda conducir a un escalado de privilegios root. Las versiones afectadas de systemd son todas hasta la 239 incluida."}], "id": "CVE-2018-15686", "lastModified": "2023-11-07T02:53:18.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "security@ubuntu.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-26T14:29:00.613", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105747"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2091"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3222"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0593"}, {"source": "security@ubuntu.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/pull/10519"}, {"source": "security@ubuntu.com", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201810-10"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3816-1/"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45714/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jann Horn (Google Project Zero) and Ubuntu for reporting this issue.", "affected_release": [{"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-34/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-35/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:2091", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "systemd-0:219-67.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:0593", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "systemd-0:219-42.el7_4.20", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-02-25T00:00:00Z"}, {"advisory": "RHSA-2020:0593", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "systemd-0:219-42.el7_4.20", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-02-25T00:00:00Z"}, {"advisory": "RHSA-2020:0593", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "systemd-0:219-42.el7_4.20", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-02-25T00:00:00Z"}, {"advisory": "RHSA-2020:1264", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "systemd-0:219-57.el7_5.9", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2020-04-01T00:00:00Z"}, {"advisory": "RHSA-2019:3222", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "systemd-0:219-62.el7_6.11", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2019-10-29T00:00:00Z"}], "bugzilla": {"description": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", "id": "1639071", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1639071"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.6", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", "It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state."], "name": "CVE-2018-15686", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-10-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-15686\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15686"], "threat_severity": "Moderate"}