7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
libsystemd.so is vulnerable to privilege escalation. When NotifyAccess != none
, the line read by fgets()
in the unit_deserialize()
function allows line splitting during daemon-reexec when long lines are submitted which can result in state injection. An attacker is able to exploit this vulnerability to obtain root privileges.
www.securityfocus.com/bid/105747
access.redhat.com/errata/RHSA-2019:2091
access.redhat.com/errata/RHSA-2019:3222
access.redhat.com/errata/RHSA-2020:0593
bugzilla.redhat.com/show_bug.cgi?id=1639071
github.com/systemd/systemd/commit/8948b3415d762245ebf5e19d80b97d4d8cc208c1
github.com/systemd/systemd/pull/10519
lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
lists.debian.org/debian-lts-announce/2018/11/msg00017.html
security.gentoo.org/glsa/201810-10
usn.ubuntu.com/3816-1/
www.exploit-db.com/exploits/45714/
www.oracle.com//security-alerts/cpujul2021.html
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C