Lucene search

[email protected]NVD:CVE-2018-16866

HistoryJan 11, 2019 - 7:29 p.m.

CVE-2018-16866

2019-01-1119:29:00

CWE-200

CWE-125

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Affected configurations

NVD

Node

systemd_projectsystemdRange221–239

Node

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

Node

netappactive_iq_performance_analytics_servicesMatch-

netappelement_software

Node

redhatenterprise_linuxMatch7.6

redhatenterprise_linux_compute_node_eusMatch7.6

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_for_ibm_z_systems_\(structure_a\)Match7_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch7.6

redhatenterprise_linux_for_power_big_endianMatch7.0

redhatenterprise_linux_for_power_big_endian_eusMatch7.6

redhatenterprise_linux_for_power_little_endianMatch7.0

redhatenterprise_linux_for_power_little_endian_eusMatch7.6

redhatenterprise_linux_for_scientific_computingMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch7.4

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch7.6

redhatenterprise_linux_server_tusMatch7.4

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch7.4

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch7.6

redhatenterprise_linux_workstationMatch7.0

References

packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html

seclists.org/fulldisclosure/2019/May/21

www.openwall.com/lists/oss-security/2019/05/10/4

www.securityfocus.com/bid/106527

access.redhat.com/errata/RHSA-2019:2091

access.redhat.com/errata/RHSA-2019:3222

access.redhat.com/errata/RHSA-2020:0593

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866

seclists.org/bugtraq/2019/May/25

security.gentoo.org/glsa/201903-07

security.netapp.com/advisory/ntap-20190117-0001/

usn.ubuntu.com/3855-1/

www.debian.org/security/2019/dsa-4367

www.qualys.com/2019/01/09/system-down/system-down.txt

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for NVD:CVE-2018-16866