4.7
CVE-2018-16888
- EPSS 0.17%
- Published 14.01.2019 22:29:00
- Last modified 21.11.2024 03:53:32
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
Data is provided by the National Vulnerability Database (NVD)
Systemd Project ≫ Systemd Version < 237
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.10
Redhat ≫ Enterprise Linux Version7.0
Netapp ≫ Active Iq Performance Analytics Services Version-
Netapp ≫ Element Software Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.385 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:N/I:N/A:P
|
| secalert@redhat.com | 4.4 | 0.8 | 3.6 |
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
|
CWE-250 Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.