Headline
CVE-2018-16888: kills privileged process if unprivileged PIDFile was tampered
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
Bug 1662867 (CVE-2018-16888) - CVE-2018-16888 systemd: kills privileged process if unprivileged PIDFile was tampered
Summary: CVE-2018-16888 systemd: kills privileged process if unprivileged PIDFile was …
Keywords:
Status:
CLOSED ERRATA
Alias:
CVE-2018-16888
Product:
Security Response
Classification:
Other
Component:
vulnerability
Sub Component:
Version:
unspecified
Hardware:
All
OS:
Linux
Priority:
low
Severity:
low
Target Milestone:
—
Assignee:
Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
1663143 1786119 1786120 1786121
Blocks:
1662883
TreeView+
depends on / blocked
Reported:
2019-01-02 09:38 UTC by Riccardo Schirone
Modified:
2019-12-23 14:02 UTC (History)
CC List:
3 users (show)
Fixed In Version:
systemd 237
Doc Type:
If docs needed, set a value
Doc Text:
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes.
Clone Of:
Environment:
Last Closed:
2019-08-06 19:20:28 UTC
Attachments
(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)
Links
System
ID
Private
Priority
Status
Summary
Last Updated
Red Hat Product Errata
RHSA-2019:2091
0
None
None
None
2019-08-06 12:13:47 UTC