
exploitDog


CVE-2019-6454

Published: 18 Feb 2019
Source: redhat
CVSS3: 7

Description

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges.

Report

This vulnerability is present in Red Hat Virtualization Hypervisor and Management Appliance, however it can only be exploited locally. Since these systems do not typically have local user accounts, this issue has been rated Moderate severity for Red Hat Virtualization 4.

Additional information

Status: Important
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1667032 (systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash)

7 High

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 6 years ago

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

CVSS3: 5.5
nvd
more than 6 years ago

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

CVSS3: 5.5
msrc
about 5 years ago

No description available

CVSS3: 5.5
debian
more than 6 years ago

An issue was discovered in sd-bus in systemd 239. bus_process_object() ...

suse-cvrf
more than 6 years ago

Security update for systemd
