CVE-2018-15686
HIGH · Canonical Ubuntu Linux < 239 - Insecure Deserialization
Title source: ruleDescription
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
Exploits (2)
exploitdb: WORKING POC, VERIFIED, by Google Security Research · cdoslinux
https://www.exploit-db.com/exploits/45714
nomisec: WORKING POC, by hpcprofessional · poc
https://github.com/hpcprofessional/remediate_cesa_2019_2091
References (11)
Core References
Third Party Advisory (vendor-advisory, x_refsource_gentoo): https://security.gentoo.org/glsa/201810-10
Mailing List, Third Party Advisory (mailing-list, x_refsource_mlist): https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/105747
Exploit, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/45714/
Third Party Advisory (vendor-advisory, x_refsource_ubuntu): https://usn.ubuntu.com/3816-1/
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:2091
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:3222
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2020:0593
Mailing List (mailing-list, x_refsource_mlist): https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
Third Party Advisory (x_refsource_misc): https://www.oracle.com//security-alerts/cpujul2021.html
Patch, Third Party Advisory (x_refsource_misc): https://github.com/systemd/systemd/pull/10519
Scores
CVSS v3: 7.8
EPSS: 0.0153
EPSS Percentile: 81.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-502
Status: published
Products (6)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
debian/debian_linux 8.0
oracle/communications_cloud_native_core_network_function_cloud_native_environment 1.4.0
systemd_project/systemd < 239
Published: Oct 26, 2018
Tracked Since: Feb 18, 2026