Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-15686

CWE-502 — Deserialization of Untrusted Data CWE-20 — Improper Input Validation15 documents11 sources

Severity

7.8HIGH

EPSS

1.5%

top 18.67%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Systemd Systemd Systemd Project Systemd Canonical Ubuntu Linux +2 more

Timeline

PublishedOct 26

Latest updateMay 13

Description

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶Debiansystemd< 239-12+3

▶Ubuntusystemd< 229-4ubuntu21.9+3

▶CVEListV5systemd/systemdunspecified — 239

▶NVDsystemd_project/systemd239

▶NVDoracle/communications_cloud_native_core_network_function_cloud_native_environment1.4.0

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, 18.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-86rx-vp92-xvgg: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess↗2022-05-13

▶

OSV

systemd regression↗2018-11-27

▶

OSV

systemd vulnerability↗2018-11-19

▶

OSV

systemd vulnerabilities↗2018-11-12

▶

CVEList

systemd: reexec state injection: fgets() on overlong lines leads to line splitting↗2018-10-26

▶

💥Exploits & PoCs

Exploit-DB

systemd - 'reexec' State Injection↗2018-10-29

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Signaling (Calico) — CVE-2018-15686↗2021-07-15

▶

Ubuntu

systemd vulnerabilities↗2018-11-12

▶

Red Hat

systemd: line splitting via fgets() allows for state injection during daemon-reexec↗2018-10-26

▶

Microsoft

systemd: reexec state injection: fgets() on overlong lines leads to line splitting↗2018-10-09

▶

Debian

CVE-2018-15686: systemd - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbi...↗2018

▶

💬Community

Bugzilla

CVE-2018-15686 systemd: Line splitting via fgets() allows for state injection during daemon-reexec [fedora-all]↗2018-10-26

▶

Bugzilla

CVE-2018-15686 systemd: line splitting via fgets() allows for state injection during daemon-reexec↗2018-10-15

▶