New Systemd Privilege Escalation Flaws Affect Most Linux Distributions

2019-01-10 12:33

Security researchers have discovered three vulnerabilities in Systemd, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems. The vulnerabilities, assigned as CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866, actually resides in the "systemd-journald" service

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Me5q7V1edFQ/linux-systemd-exploit.html

#linux #CVE-2018-16866 #CVE-2018-16865 #CVE-2018-16864

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-11	CVE-2018-16865	An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. local low complexity systemd-project redhat debian canonical oracle	7.8
2019-01-11	CVE-2018-16864	An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. local low complexity systemd-project redhat debian canonical oracle	7.8
2019-01-11	CVE-2018-16866	An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. local low complexity systemd-project debian canonical netapp redhat	3.3

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		11	64	2532	1569	67	4232