Lucene search

K

PRIOn knowledge basePRION:CVE-2019-6454

HistoryMar 21, 2019 - 4:01 p.m.

Stack overflow

2019-03-2116:01:00

PRIOn knowledge base

www.prio-n.com

6

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

8.3%

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
debian_linuxeq8.0
debian_linuxeq9.0
fedoraeq29
web_gatewayge8.0.0
web_gatewaylt8.1.1
web_gatewaylt7.7.2.21
web_gatewayge7.8.0

Rows per page:

1-10 of 561

References

lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html

www.openwall.com/lists/oss-security/2019/02/18/3

www.openwall.com/lists/oss-security/2019/02/19/1

www.openwall.com/lists/oss-security/2021/07/20/2

www.securityfocus.com/bid/107081

access.redhat.com/errata/RHSA-2019:0368

access.redhat.com/errata/RHSA-2019:0990

access.redhat.com/errata/RHSA-2019:1322

access.redhat.com/errata/RHSA-2019:1502

access.redhat.com/errata/RHSA-2019:2805

github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c

kc.mcafee.com/corporate/index?page=content&id=SB10278

lists.debian.org/debian-lts-announce/2019/02/msg00031.html

lists.fedoraproject.org/archives/list/[email protected]/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/

security.netapp.com/advisory/ntap-20190327-0004/

usn.ubuntu.com/3891-1/

www.debian.org/security/2019/dsa-4393

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

8.3%

Related for PRION:CVE-2019-6454

suse3 nessus38 ibm5 openvas23 veracode1 debian3 redhat8 osv2 oraclelinux2 ubuntu1 altlinux1 redhatcve1 cbl_mariner1 ubuntucve1 amazon2 centos1 archlinux1 cve1 debiancve1 cloudfoundry1 f51 gentoo1 fedora3 photon5