Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-16888

Опубликовано: 14 янв. 2019
Источник: nvd
CVSS3: 4.4
CVSS3: 4.7
CVSS2: 1.9
EPSS Низкий

Описание

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
Версия до 237 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

EPSS

Процентиль: 26%
0.00086
Низкий

4.4 Medium

CVSS3

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-250
CWE-269

Связанные уязвимости

ubuntu логотип

CVE-2018-16888

CVSS3: 4.7
ubuntu
больше 6 лет назад

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

redhat логотип

CVE-2018-16888

CVSS3: 4.4
redhat
около 8 лет назад

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

debian логотип

CVE-2018-16888

CVSS3: 4.7
debian
больше 6 лет назад

It was discovered systemd does not correctly check the content of PIDF ...

github логотип

GHSA-34mm-3fgq-qjxq

CVSS3: 4.7
github
больше 3 лет назад

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

oracle-oval логотип

ELSA-2019-2091

oracle-oval
около 6 лет назад

ELSA-2019-2091: systemd security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 26%
0.00086
Низкий

4.4 Medium

CVSS3

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-250
CWE-269