Ubuntu.comUB:CVE-2018-20839CVE-2018-20839
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.014 Low
EPSS
Percentile
86.4%
systemd 242 changes the VT1 mode upon a logout, which allows attackers to
read cleartext passwords in certain circumstances, such as watching a
shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the
KDGKBMODE (aka current keyboard mode) check is mishandled.
Bugs
- <https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993>
- <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929116>
- <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929229>
- <https://gitlab.freedesktop.org/xorg/xserver/issues/857>
Notes
| Author | Note |
|---|---|
| seth-arnold | Possible regression when running startx manually |
| mdeslaur | commit was reverted in (240-6ubuntu7) possibly a bug in plymouth, not systemd as of 2021-04-12, we can no longer reproduce this issue with all updates applied. I am therefore marking this CVE as not affecting systemd and closing it out. This was possibly fixed by the plymouth change in bug 1817738. |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.014 Low
EPSS
Percentile
86.4%