CVE-2018-15686

Description

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• v3.0•HIGH•Score: 7CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 1.53%• Percentile: 82%

Techniques & Countermeasures

• CWE-502•Deserialization of Untrusted Data

  The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Affected Systems

• canonical•ubuntu_linux

  16.04 | 18.04 | 18.10

• debian•debian_linux

  8.0

• oracle•communications_cloud_native_core_network_function_cloud_native_environment

  1.4.0

• systemd_project•systemd

  ≤ 239

• systemd•systemd

  ≥ unspecified, ≤ 239

References (11)

• https://security.gentoo.org/glsa/201810-10
• https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
• http://www.securityfocus.com/bid/105747
• https://www.exploit-db.com/exploits/45714/
• https://usn.ubuntu.com/3816-1/
• https://access.redhat.com/errata/RHSA-2019:2091
• https://access.redhat.com/errata/RHSA-2019:3222
• https://access.redhat.com/errata/RHSA-2020:0593
• https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://github.com/systemd/systemd/pull/10519