The Systemd Project Systemd vulnerabilities

CVE-2019-3842 [HIGH] CWE-285 CVE-2019-3842: In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the enviro In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather tha

CVE-2019-3815 [HIGH] CWE-401 CVE-2019-3815: A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shippe

CVE-2018-16888 [MEDIUM] CWE-250 CVE-2018-16888: It was discovered systemd does not correctly check the content of PIDFile files before using it to k It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/

CVE-2018-16865 [HIGH] CWE-770 CVE-2018-16865: An allocation of memory without limits, that could result in the stack clashing with another memory An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versio

CVE-2018-16864 [HIGH] CWE-770 CVE-2018-16864: An allocation of memory without limits, that could result in the stack clashing with another memory An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

CVE-2018-16866 [LOW] CWE-125 CVE-2018-16866: An out of bounds read was discovered in systemd-journald in the way it parses log messages that term An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.