Oracle Linux 7 : systemd (ELSA-2019-2091)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2091 advisory. - core: when deserializing state always use readline, LONGLINEMAX, CVE-2018-15686 - dhcp6: make sure we have enough space for the DHCP6 option header...

K40356136: systemd vulnerability CVE-2018-15686

Security Advisory Description A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are...

SUSE: Security Advisory (SUSE-SU-2018:3767-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2020-1451)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1998)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1998)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. In some configurations a local...

openSUSE Security Update : systemd (openSUSE-2018-1423)

This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 - CVE-2018-15686: A vulnerability in...

openSUSE: Security Advisory for systemd (openSUSE-SU-2018:3695-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Privilege Escalation

libsystemd.so is vulnerable to privilege escalation. When NotifyAccess != none, the line read by fgets in the unitdeserialize function allows line splitting during daemon-reexec when long lines are submitted which can result in state injection. An attacker is able to exploit this vulnerability to...

systemd 'unit_deserialize' Function Local Elevation of Privilege Vulnerability Vulnerability

systemd is a Linux-based system and service manager developed by German software developer Lennart Poettering and others. It is compatible with the SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A security vulnerability exists in the...

Privilege escalation

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...

CVE-2018-15686

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...

CVE-2018-15686

CVE-2018-15686 affects systemd up to version 239, where unit_deserialize can be manipulated via NotifyAccess to inject arbitrary state across re-execution, potentially enabling root privilege escalation. Exploitation has been demonstrated (e.g., exploit-db link in references). Remediation is to u...

CVE-2018-15686

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...

Linux systemd Line Splitting

systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When system...

UBUNTU-CVE-2018-15686

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...