{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T14:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2019-8434288a24", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"}, {"name": "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"}, {"name": "107081", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107081"}, {"name": "USN-3891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3891-1/"}, {"name": "RHSA-2019:0368", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0368"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"}, {"name": "SUSE-SA:2019:0255-1", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"}, {"name": "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"}, {"name": "[SECURITY] [DLA 1684-1] 20190219 systemd security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"}, {"name": "DSA-4393-1", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4393"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190327-0004/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278"}, {"name": "RHSA-2019:0990", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0990"}, {"name": "openSUSE-SU-2019:1450", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"}, {"name": "RHSA-2019:1322", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1322"}, {"name": "RHSA-2019:1502", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1502"}, {"name": "RHSA-2019:2805", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2805"}, {"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6454", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2019-8434288a24", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"}, {"name": "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"}, {"name": "107081", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107081"}, {"name": "USN-3891-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3891-1/"}, {"name": "RHSA-2019:0368", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0368"}, {"name": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c", "refsource": "MISC", "url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"}, {"name": "SUSE-SA:2019:0255-1", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"}, {"name": "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"}, {"name": "[SECURITY] [DLA 1684-1] 20190219 systemd security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"}, {"name": "DSA-4393-1", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4393"}, {"name": "https://security.netapp.com/advisory/ntap-20190327-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190327-0004/"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278"}, {"name": "RHSA-2019:0990", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0990"}, {"name": "openSUSE-SU-2019:1450", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"}, {"name": "RHSA-2019:1322", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1322"}, {"name": "RHSA-2019:1502", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1502"}, {"name": "RHSA-2019:2805", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2805"}, {"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:21.049Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2019-8434288a24", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"}, {"name": "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"}, {"name": "107081", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107081"}, {"name": "USN-3891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3891-1/"}, {"name": "RHSA-2019:0368", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0368"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"}, {"name": "SUSE-SA:2019:0255-1", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"}, {"name": "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"}, {"name": "[SECURITY] [DLA 1684-1] 20190219 systemd security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"}, {"name": "DSA-4393-1", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4393"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190327-0004/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278"}, {"name": "RHSA-2019:0990", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0990"}, {"name": "openSUSE-SU-2019:1450", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"}, {"name": "RHSA-2019:1322", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1322"}, {"name": "RHSA-2019:1502", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1502"}, {"name": "RHSA-2019:2805", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2805"}, {"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6454", "datePublished": "2019-03-17T16:38:57", "dateReserved": "2019-01-16T00:00:00", "dateUpdated": "2024-08-04T20:23:21.049Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:239:*:*:*:*:*:*:*", "matchCriteriaId": "6867987C-E8AF-4CBB-92A4-4F1D85976482", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D0C69E57-48DE-467F-8ADD-B4601CE1611E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C34DD8A-17C5-489C-9140-447784F27607", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8254A580-9C03-4DEE-9EC3-9FA328247AAD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "280D547B-F204-4848-9262-A103176B740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0AB105EC-19F9-424A-86F1-305A6FD74A9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "277E06A0-90F5-4F97-94EA-5A18E242B800", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF307B8C-4548-47D9-9D2E-F61AE0BFAADD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "6617354C-ACF6-447F-A1A7-D69E43CF5A7E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8EB6F417-25D0-4A28-B7BA-D21929EAA9E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "36312FC8-1252-4E9C-9364-4F2FAAAAD0F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "C81C5D4E-3CAD-43CE-82BC-B0619CA3A74A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D7B1FA1-2A13-414C-B76B-91113336E9CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA5F8426-5EEB-4013-BE49-8E705DA140B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "8C7E9628-0915-4C49-8929-F5E060A20CBB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "ADD254BD-1F70-476C-BE15-7945DED7963B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "48C2E003-A71C-4D06-B8B3-F93160568182", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0BD6333-F674-4A2D-9E63-6177FC0F85FA", "versionEndExcluding": "7.7.2.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "43FAD524-3E83-482B-8F74-6014BC52F46B", "versionEndExcluding": "7.8.2.8", "versionStartIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D943214-14D8-47BC-BCF4-76B78EE95028", "versionEndExcluding": "8.1.1", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic)."}, {"lang": "es", "value": "Se ha descubierto un problema en sd-bus en systemd 239. bus_process_object() en libsystemd/sd-bus/bus-objects.c asigna un b\u00fafer de pila de longitud variable para almacenar temporalmente la ruta de objeto de los mensajes D-Bus entrantes. Un usuario local sin privilegios puede explotar esto enviando un mensaje especialmente manipulado a PID1, provocando que el puntero de la pila salte por las p\u00e1ginas guard de la pila hasta una regi\u00f3n de memoria no mapeada y desencadene una denegaci\u00f3n de servicio (cierre inesperado del PID1 en systemd y p\u00e1nico del kernel)."}], "id": "CVE-2019-6454", "lastModified": "2023-11-07T03:13:09.723", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T16:01:08.203", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107081"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0368"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0990"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1322"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1502"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2805"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10278"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190327-0004/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3891-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4393"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2019:0368", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "systemd-0:219-62.el7_6.5", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-02-19T00:00:00Z"}, {"advisory": "RHSA-2019:2805", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "systemd-0:219-30.el7_3.14", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-09-19T00:00:00Z"}, {"advisory": "RHSA-2019:2805", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "systemd-0:219-30.el7_3.14", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-09-19T00:00:00Z"}, {"advisory": "RHSA-2019:2805", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "systemd-0:219-30.el7_3.14", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-09-19T00:00:00Z"}, {"advisory": "RHSA-2019:1502", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "systemd-0:219-42.el7_4.16", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-06-18T00:00:00Z"}, {"advisory": "RHSA-2019:1322", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "systemd-0:219-57.el7_5.6", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-06-04T00:00:00Z"}, {"advisory": "RHSA-2019:0990", "cpe": "cpe:/o:redhat:enterprise_linux:8", "impact": "moderate", "package": "systemd-0:239-13.el8_0.3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-07T00:00:00Z"}, {"advisory": "RHSA-2019:0457", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "impact": "moderate", "package": "redhat-release-virtualization-host-0:4.2-8.3.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-03-05T00:00:00Z"}, {"advisory": "RHSA-2019:0457", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "impact": "moderate", "package": "redhat-virtualization-host-0:4.2-20190219.0.el7_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-03-05T00:00:00Z"}, {"advisory": "RHSA-2019:0461", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "impact": "moderate", "package": "rhvm-appliance-0:4.2-20190224.0.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-03-05T00:00:00Z"}], "bugzilla": {"description": "systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash", "id": "1667032", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667032"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).", "It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges."], "name": "CVE-2019-6454", "public_date": "2019-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-6454\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6454"], "statement": "This vulnerability is present in Red Hat Virtualization Hypervisor and Management Appliance, however it can only be exploited locally. Since these systems do not typically have local user accounts, this issue has been rated Moderate severity for Red Hat Virtualization 4.", "threat_severity": "Important"}