CVE-2018-16888

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

Information

Published : 2019-01-14 14:29

Updated : 2022-01-31 10:37


NVD link : CVE-2018-16888

Mitre link : CVE-2018-16888


JSON object : View

CWE
CWE-269

Improper Privilege Management

Advertisement

dedicated server usa

Products Affected

systemd_project

  • systemd

redhat

  • enterprise_linux

netapp

  • element_software
  • active_iq_performance_analytics_services

canonical

  • ubuntu_linux