{"containers": {"cna": {"affected": [{"product": "systemd", "vendor": "The systemd Project", "versions": [{"status": "affected", "version": "v237"}]}], "datePublic": "2017-08-17T00:00:00", "descriptions": [{"lang": "en", "value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-14T01:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"}, {"name": "RHSA-2019:2091", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2091"}, {"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"}, {"name": "USN-4269-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4269-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16888", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "systemd", "version": {"version_data": [{"version_value": "v237"}]}}]}, "vendor_name": "The systemd Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."}]}, "impact": {"cvss": [[{"vectorString": "4.4/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-250"}]}]}, "references": {"reference_data": [{"name": "https://security.netapp.com/advisory/ntap-20190307-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"}, {"name": "RHSA-2019:2091", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2091"}, {"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E"}, {"name": "USN-4269-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4269-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:39:58.066Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"}, {"name": "RHSA-2019:2091", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2091"}, {"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"}, {"name": "USN-4269-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4269-1/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16888", "datePublished": "2019-01-14T22:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:39:58.066Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FFE2618-BA1B-4FAB-8449-83CAAFCDCFAA", "versionEndExcluding": "237", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."}, {"lang": "es", "value": "Se ha descubierto que systemd no comprueba correctamente el contenido de archivos PIDFile antes de emplearlo para terminar procesos. Cuando un servicio se ejecuta desde un usuario sin privilegios (p.ej. un campo de usuario establecido en el archivo de servicio) un atacante local capaz de escribir en el archivo PIDFile del servicio mencionado podr\u00eda aprovechar este fallo para enga\u00f1ar a systemd para que termine otros servicios y/o procesos privilegiados. Las versiones anteriores a la v237 son vulnerables."}], "id": "CVE-2018-16888", "lastModified": "2024-11-21T03:53:32.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-14T22:29:00.233", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2091"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4269-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190307-0007/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4269-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-34/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-35/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:2091", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "systemd-0:219-67.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}], "bugzilla": {"description": "systemd: kills privileged process if unprivileged PIDFile was tampered", "id": "1662867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1662867"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-250", "details": ["It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes."], "name": "CVE-2018-16888", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2017-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-16888\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16888"], "threat_severity": "Low"}

{}