CVE-2019-6454

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 21-03-2019 05:01

Last modified: - 20-02-2022 07:08

Total changes: - 4

Description

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

5.5

Base score

1.8

3.6

Exploitability score

Impact score

Verification logic

vendor=systemd_project AND product=systemd AND version=239

vendor=opensuse AND product=leap AND version=15.0

vendor=netapp AND product=active_iq_performance_analytics_services AND version=-

vendor=Debian AND product=debian_linux AND version=8.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=fedoraproject AND product=fedora AND version=29

vendor=canonical AND product=ubuntu_linux AND version=18.04 AND software_edition=lts

vendor=canonical AND product=ubuntu_linux AND version=18.10

vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=lts

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=8.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.5

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=7.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=7.5

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=8.1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=8.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=8.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_ibm_z_systems_eus AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_ibm_z_systems_eus AND version=7.5

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_ibm_z_systems_eus AND version=8.1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_ibm_z_systems_eus AND version=8.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_ibm_z_systems_eus AND version=8.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_little_endian AND version=8.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_little_endian_eus AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_little_endian_eus AND version=7.5

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_little_endian_eus AND version=8.1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_little_endian_eus AND version=8.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_little_endian_eus AND version=8.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=7.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.3

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=8.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=8.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions AND version=7.3

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions AND version=8.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions AND version=8.1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions AND version=8.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.3

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=8.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=8.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.3

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=8.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=8.1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=8.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=7.0

vendor=mcafee AND product=web_gateway AND versionEndExcluding=7.7.2.21

vendor=mcafee AND product=web_gateway AND versionStartIncluding=7.8.0 AND versionEndExcluding=7.8.2.8

vendor=mcafee AND product=web_gateway AND versionStartIncluding=8.0.0 AND versionEndExcluding=8.1.1

Reference

DSA-4393-1-Third Party Advisory
USN-3891-1-Third Party Advisory
FEDORA-2019-8434288a24-Third Party Advisory
[SECURITY] [DLA 1684-1] 20190219 systemd security update-Mailing List, Third Party Advisory
https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
RHSA-2019:0368-Third Party Advisory
107081-Third Party Advisory, VDB Entry
[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message-Mailing List, Third Party Advisory
[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message-Mailing List, Patch, Third Party Advisory
SUSE-SA:2019:0255-1-Third Party Advisory
https://security.netapp.com/advisory/ntap-20190327-0004/
https://kc.mcafee.com/corporate/index?page=content&id=SB10278
RHSA-2019:0990-Third Party Advisory
openSUSE-SU-2019:1450-Mailing List, Third Party Advisory
RHSA-2019:1322-Third Party Advisory
RHSA-2019:1502-Third Party Advisory
RHSA-2019:2805-Third Party Advisory
[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)-Exploit, Mailing List, Third Party Advisory

Keywords

CVE-2019-6454

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-6454

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures