CVE-2019-6454

Description

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.14%• Percentile: 34%

Techniques & Countermeasures

• CWE-787•Out-of-bounds Write

  The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

• canonical•ubuntu_linux

  16.04 | 18.04 | 18.10

• debian•debian_linux

  8.0 | 9.0

• fedoraproject•fedora

  29

• mcafee•web_gateway

  < 7.7.2.21 | ≥ 7.8.0, < 7.8.2.8 | ≥ 8.0.0, < 8.1.1

• netapp•active_iq_performance_analytics_services

  na

• opensuse•leap

  15.0

• redhat•enterprise_linux

  8.0

• redhat•enterprise_linux_compute_node_eus

  7.5

• redhat•enterprise_linux_desktop

  7.0

• redhat•enterprise_linux_eus

  7.4 | 7.5 | 8.1 | 8.2 | 8.4

• redhat•enterprise_linux_for_ibm_z_systems_eus

  7.4 | 7.5 | 8.1 | 8.2 | 8.4

• redhat•enterprise_linux_for_power_big_endian_eus

  7.4

• redhat•enterprise_linux_for_power_little_endian

  8.0

• redhat•enterprise_linux_for_power_little_endian_eus

  7.4 | 7.5 | 8.1 | 8.2 | 8.4

• redhat•enterprise_linux_server

  7.0

• redhat•enterprise_linux_server_aus

  7.3 | 7.4 | 7.6 | 8.2 | 8.4

• redhat•enterprise_linux_server_eus

  7.6

• redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

  7.3 | 7.4 | 8.0 | 8.1 | 8.2

• redhat•enterprise_linux_server_tus

  7.3 | 7.4 | 7.6 | 8.2 | 8.4

• redhat•enterprise_linux_server_update_services_for_sap_solutions

  7.3 | 7.4 | 8.0 | 8.1 | 8.2

• redhat•enterprise_linux_workstation

  7.0

• systemd_project•systemd

  239

References (18)

• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/
• http://www.openwall.com/lists/oss-security/2019/02/18/3
• http://www.securityfocus.com/bid/107081
• https://usn.ubuntu.com/3891-1/
• https://access.redhat.com/errata/RHSA-2019:0368
• https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
• http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html
• http://www.openwall.com/lists/oss-security/2019/02/19/1
• https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html
• https://www.debian.org/security/2019/dsa-4393
• https://security.netapp.com/advisory/ntap-20190327-0004/
• https://kc.mcafee.com/corporate/index?page=content&id=SB10278
• https://access.redhat.com/errata/RHSA-2019:0990
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html
• https://access.redhat.com/errata/RHSA-2019:1322
• https://access.redhat.com/errata/RHSA-2019:1502
• https://access.redhat.com/errata/RHSA-2019:2805
• http://www.openwall.com/lists/oss-security/2021/07/20/2