7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%
Severity: Medium
Date : 2019-01-08
CVE-ID : CVE-2018-6954 CVE-2018-16866
Package : systemd
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-615
The package systemd before version 240.0-3 is vulnerable to multiple
issues including arbitrary file overwrite and information disclosure.
Upgrade to 240.0-3.
The problems have been fixed upstream in version 240.0.
None.
systemd-tmpfiles in systemd through 237 mishandles symlinks present in
non-terminal path components, which allows local users to obtain
ownership of arbitrary files via vectors involving creation of a
directory and a file under that directory, and later replacing that
directory with a symlink. This occurs even if the fs.protected_symlinks
sysctl is turned on.
An out-of-bounds read has been found in the journald component of
systemd >= v221 and < v240, in the syslog_parse_identifier() function
in journald-syslog.c. A crafted syslog message whose last character is
‘:’ can trigger this vulnerability to leak information about the
content of the memory.
A local attacker is able to obtain ownership of arbitrary files or
disclose information using a specially crafted syslog message.
https://github.com/systemd/systemd/issues/7986
https://github.com/systemd/systemd/pull/8822
https://www.qualys.com/2019/01/09/system-down/system-down.txt
https://www.openwall.com/lists/oss-security/2019/01/09/3
https://github.com/systemd/systemd/commit/a6aadf4ae0bae185dc4c414d492a4a781c80ffe5
https://github.com/systemd/systemd/commit/8595102d3ddde6d25c282f965573a6de34ab4421
https://security.archlinux.org/CVE-2018-6954
https://security.archlinux.org/CVE-2018-16866
github.com/systemd/systemd/commit/8595102d3ddde6d25c282f965573a6de34ab4421
github.com/systemd/systemd/commit/a6aadf4ae0bae185dc4c414d492a4a781c80ffe5
github.com/systemd/systemd/issues/7986
github.com/systemd/systemd/pull/8822
security.archlinux.org/AVG-615
security.archlinux.org/CVE-2018-16866
security.archlinux.org/CVE-2018-6954
www.openwall.com/lists/oss-security/2019/01/09/3
www.qualys.com/2019/01/09/system-down/system-down.txt
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%