CVE-2018-16864: Buffer Overflow
First published: Tue Nov 27 2018(Updated: )
A flaw was found in systemd-journald. A stack buffer overflow when passing several MB of arguments to a program calling syslog function. This can lead to a denial of service attack or arbitrary code execution in some cases.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Systemd Project Systemd | <=240 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server | =7.4 | |
| Redhat Enterprise Linux Server | =7.5 | |
| Redhat Enterprise Linux Server | =7.6 | |
| Redhat Enterprise Linux Server Aus | =7.3 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.4 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Server Tus | =7.3 | |
| Redhat Enterprise Linux Server Tus | =7.6 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =18.10 | |
| Oracle Communications Session Border Controller | =8.0.0 | |
| Oracle Communications Session Border Controller | =8.1.0 | |
| Oracle Communications Session Border Controller | =8.2.0 | |
| Oracle Enterprise Communications Broker | =3.0.0 | |
| Oracle Enterprise Communications Broker | =3.1.0 | |
| debian/systemd | <=240-2<=204-1<=232-25+deb9u6 | 240-4 232-25+deb9u7 |
| ubuntu/systemd | <237-3ubuntu10.11 | 237-3ubuntu10.11 |
| ubuntu/systemd | <239-7ubuntu10.6 | 239-7ubuntu10.6 |
| ubuntu/systemd | <229-4ubuntu21.15 | 229-4ubuntu21.15 |
| debian/systemd | 247.3-7+deb11u5 252.26-1~deb12u2 256.4-3 256.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2021/07/20/2
- http://www.securityfocus.com/bid/106523
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:0049
- https://access.redhat.com/errata/RHSA-2019:0204
- https://access.redhat.com/errata/RHSA-2019:0271
- https://access.redhat.com/errata/RHSA-2019:0342
- https://access.redhat.com/errata/RHSA-2019:0361
- https://access.redhat.com/errata/RHSA-2019:2402
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864
- https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html
- https://security.gentoo.org/glsa/201903-07
- https://security.netapp.com/advisory/ntap-20190117-0001/
- https://usn.ubuntu.com/3855-1/
- https://www.debian.org/security/2019/dsa-4367
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.qualys.com/2019/01/09/system-down/system-down.txt
- https://security-tracker.debian.org/tracker/CVE-2018-16864
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16864
- https://www.openwall.com/lists/oss-security/2019/01/09/3
- https://security-tracker.debian.org/tracker/CVE-2018-16865
- https://security-tracker.debian.org/tracker/CVE-2018-16866
- https://salsa.debian.org/systemd-team/systemd/commit/ce0e48e43979e955df2413dca23c64088a729ed8
- https://bugs.debian.org/918841
- https://github.com/systemd/systemd/issues/11502
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918841
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1653855#c0
- https://access.redhat.com/security/updates/classification/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1664972
- https://github.com/systemd/systemd/commit/084eeb865ca63887098e0945fb4e93c852b91b0f
- https://bugzilla.redhat.com/show_bug.cgi?id=1653855
- https://launchpad.net/bugs/cve/CVE-2018-16864
- https://github.com/systemd/systemd/commit/ae018d9bc900d6355dea4af05119b49c67945184
- https://github.com/systemd/systemd/commit/ac2e41f5103ce2c679089c4f8fb6be61d7caec07
- https://github.com/systemd/systemd/pull/11374
- https://ubuntu.com/security/notices/USN-3855-1
- https://www.cve.org/CVERecord?id=CVE-2018-16864
- https://nvd.nist.gov/vuln/detail/CVE-2018-16864
- https://ubuntu.com/security/CVE-2018-16864
Frequently Asked Questions
What is CVE-2018-16864?
CVE-2018-16864 is a vulnerability found in systemd-journald that allows a local attacker to crash the service or escalate privileges.
How severe is CVE-2018-16864?
CVE-2018-16864 has a severity rating of 7.8, which is considered high.
What is affected by CVE-2018-16864?
CVE-2018-16864 affects systemd versions up to and including 204-1, 232-25+deb9u6, and 240-2 on Debian. Other affected software versions can be found in the vulnerability details.
How can I fix CVE-2018-16864?
To fix CVE-2018-16864, you should update systemd to version 240-4 or 232-25+deb9u7 on Debian. For other affected software, refer to the recommended versions given in the vulnerability details.
Where can I find more information about CVE-2018-16864?
You can find more information about CVE-2018-16864 at the following references: [link1], [link2], [link3].
- collector/nvd-index
- collector/debian-bugs
- alias/CVE-2018-16864
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/systemd project
- canonical/systemd project systemd
- version/systemd project systemd/240
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- version/redhat enterprise linux server/7.4
- version/redhat enterprise linux server/7.5
- version/redhat enterprise linux server/7.6
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.3
- version/redhat enterprise linux server aus/7.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.3
- version/redhat enterprise linux server tus/7.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/18.10
- vendor/oracle
- canonical/oracle communications session border controller
- version/oracle communications session border controller/8.0.0
- version/oracle communications session border controller/8.1.0
- version/oracle communications session border controller/8.2.0
- canonical/oracle enterprise communications broker
- version/oracle enterprise communications broker/3.0.0
- version/oracle enterprise communications broker/3.1.0
- package-manager/debian
- package-manager/ubuntu