NewStart CGSL MAIN 6.06 (SP) : systemd Multiple Vulnerabilities (NS-SA-2026-0021)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has systemd packages installed that are affected by multiple vulnerabilities: - A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus...

EUVD-2018-7556

Malware in sbrugna...

EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1998)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. In some configurations a local...

SUSE-SU-2018:3767-2 Security update for systemd

This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 - CVE-2018-15686: A vulnerability in unitdeserializ...

openSUSE Security Update : systemd (openSUSE-2018-1423)

This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 - CVE-2018-15686: A vulnerability in...

Privilege Escalation

libsystemd.so is vulnerable to privilege escalation. When NotifyAccess != none, the line read by fgets in the unitdeserialize function allows line splitting during daemon-reexec when long lines are submitted which can result in state injection. An attacker is able to exploit this vulnerability to...

systemd - reexec State Injection Exploit

Exploit for linux platform in category dos / poc / I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When systemd re-executes e.g. during a package upgrade,...

systemd - reexec State Injection

systemd - reexec State Injection / I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When systemd re-executes e.g. during a package upgrade, state is...

systemd - 'reexec' State Injection

/ I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When systemd re-executes e.g. during a package upgrade, state is serialized into a memfd before the execv...

DEBIAN-CVE-2018-15686

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...

CVE-2018-15686

CVE-2018-15686 affects systemd up to version 239, where unit_deserialize can be manipulated via NotifyAccess to inject arbitrary state across re-execution, potentially enabling root privilege escalation. Exploitation has been demonstrated (e.g., exploit-db link in references). Remediation is to u...

CVE-2018-15686 systemd: reexec state injection: fgets() on overlong lines leads to line splitting

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...

Linux systemd Line Splitting

systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When system...

CVE-2018-15686

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...

Linux systemd Line Splitting Exploit

Linux has an issue with systemd where overlong input to fgets during reexec state injection can lead to line splitting. systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as...