CVE-2018-15686

HIGH

Canonical Ubuntu Linux < 239 - Insecure Deserialization

Title source: rule

Description

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

Exploits (2)

nomisec WORKING POC
by hpcprofessional · poc
https://github.com/hpcprofessional/remediate_cesa_2019_2091

exploitdb WORKING POC VERIFIED
by Google Security Research · cdoslinux
https://www.exploit-db.com/exploits/45714

Scores

CVSS v3 7.8
EPSS 0.0153
EPSS Percentile 81.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-502
Status published

Affected Products (6)

canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/debian_linux
systemd_project/systemd < 239
oracle/communications_cloud_native_core_network_function_cloud_native_environment

Timeline

Published Oct 26, 2018
Tracked Since Feb 18, 2026