Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-16888

Опубликовано: 17 авг. 2017
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8systemdNot affected
Red Hat Ansible Tower 3.4 for RHEL 7ansible-tower-34/ansible-tower-memcachedFixedRHBA-2020:054718.02.2020
Red Hat Ansible Tower 3.4 for RHEL 7ansible-tower-35/ansible-tower-memcachedFixedRHBA-2020:054718.02.2020
Red Hat Ansible Tower 3.4 for RHEL 7ansible-tower-37/ansible-tower-memcached-rhel7FixedRHBA-2020:054718.02.2020
Red Hat Enterprise Linux 7systemdFixedRHSA-2019:209106.08.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-250
https://bugzilla.redhat.com/show_bug.cgi?id=1662867systemd: kills privileged process if unprivileged PIDFile was tampered

EPSS

Процентиль: 26%
0.00086
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-16888

CVSS3: 4.7
ubuntu
больше 6 лет назад

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

nvd логотип

CVE-2018-16888

CVSS3: 4.7
nvd
больше 6 лет назад

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

debian логотип

CVE-2018-16888

CVSS3: 4.7
debian
больше 6 лет назад

It was discovered systemd does not correctly check the content of PIDF ...

github логотип

GHSA-34mm-3fgq-qjxq

CVSS3: 4.7
github
больше 3 лет назад

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

oracle-oval логотип

ELSA-2019-2091

oracle-oval
около 6 лет назад

ELSA-2019-2091: systemd security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 26%
0.00086
Низкий

4.4 Medium

CVSS3