CVE-2018-16888
Description
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
Risk Information
Base Score
4.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.158
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update libgudev1-219-67.el7.i686.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update libgudev1-219-67.el7.x86_64.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update libgudev1-devel-219-67.el7.i686.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update libgudev1-devel-219-67.el7.x86_64.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-219-67.el7.x86_64.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-devel-219-67.el7.i686.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-devel-219-67.el7.x86_64.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-journal-gateway-219-67.el7.x86_64.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-libs-219-67.el7.i686.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-libs-219-67.el7.x86_64.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-networkd-219-67.el7.x86_64.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-python-219-67.el7.x86_64.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-resolved-219-67.el7.i686.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-resolved-219-67.el7.x86_64.rpm | Linux |
| (RHSA-2019:2091) systemd security, bug fix, and enhancement update systemd-sysv-219-67.el7.x86_64.rpm | Linux |
| system and service manager (USN-4269-1) systemd_242-7ubuntu3.6_i386.deb | Linux |
| system and service manager (USN-4269-1) systemd_242-7ubuntu3.6_amd64.deb | Linux |
| system and service manager (USN-4269-1) systemd_229-4ubuntu21.27_i386.deb | Linux |
| system and service manager (USN-4269-1) systemd_229-4ubuntu21.27_amd64.deb | Linux |
| system and service manager (USN-4269-1) systemd_237-3ubuntu10.38_i386.deb | Linux |
| system and service manager (USN-4269-1) systemd_237-3ubuntu10.38_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234