CVE-2018-15686

Name
CVE-2018-15686
Description
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| Patch | https://github.com/systemd/systemd/pull/10519 |
| Third Party Advisory | http://www.securityfocus.com/bid/105747 |
| Exploit | https://www.exploit-db.com/exploits/45714/ |
| Third Party Advisory | https://security.gentoo.org/glsa/201810-10 |
| Third Party Advisory | https://usn.ubuntu.com/3816-1/ |
| Third Party Advisory | https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html |
| REDHAT | https://access.redhat.com/errata/RHSA-2019:2091 |
| REDHAT | https://access.redhat.com/errata/RHSA-2019:3222 |
| REDHAT | https://access.redhat.com/errata/RHSA-2020:0593 |
| MLIST | https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E |
| Third Party Advisory | https://www.oracle.com//security-alerts/cpujul2021.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* | ubuntu_linux | == None | == 18.10 |
| cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* | ubuntu_linux | == None | == 18.04 |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | debian_linux | == None | == 8.0 |
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* | ubuntu_linux | == None | == 16.04 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status