Allele Security Alert
ASA-2018-00006
Identifier(s)
ASA-2018-00006, CVE-2018-15686
Title
Usage of fgets() in systemd allows for state injection during data deserialization
Vendor(s)
The systemd project
Product(s)
systemd
Affected version(s)
systemd versions up to and including v239
Fixed version(s)
systemd version v240
Description
systemd can serialize and deserialize data. Some of the functions that implement this feature do not properly handle lines longer than LINE_MAX, so the content of a property beyond that length is interpreted as serialized state. This allows an attacker to corrupt or inject values in the state of the service when systemd needs to deserialize data.
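The line splitting described above, as an added C example that is not systemd code and not part of the original alert: a reader that treats every fgets() chunk as a record accepts the tail of an overlong value as a record of its own, while a reader that checks for the terminating newline does not. The 16-byte buffer (standing in for LINE_MAX), the key names and the sample stream are constructed for illustration, and the strict reader is one possible handling, not the fix shipped in v240.

```c
/* Added illustration, not systemd code. Keys and values are constructed. */
#include <stdio.h>
#include <string.h>

#define BUF 16  /* small stand-in for LINE_MAX so the sample stays short */

/* Constructed stream: the first record's value is too long for BUF.
 * "note=" + 10 filler bytes fill one fgets() call exactly (15 chars),
 * so the value's tail "owner=root" starts the next chunk. */
static const char SAMPLE[] = "note=AAAAAAAAAAowner=root\nid=7\n";

static FILE *open_sample(void) {
    FILE *f = tmpfile();
    if (f) { fputs(SAMPLE, f); rewind(f); }
    return f;
}

/* Flawed: every fgets() chunk is treated as a complete record.
 * Returns how many records with the given key the parser accepted. */
int naive_count(const char *key) {
    char buf[BUF]; int n = 0; size_t kl = strlen(key);
    FILE *f = open_sample();
    if (!f) return -1;
    while (fgets(buf, sizeof buf, f))
        if (strncmp(buf, key, kl) == 0 && buf[kl] == '=') n++;
    fclose(f);
    return n;
}

/* Hardened: a chunk without '\n' is an overlong line; drop it and
 * everything up to its newline instead of parsing the pieces. */
int strict_count(const char *key) {
    char buf[BUF]; int n = 0, skipping = 0; size_t kl = strlen(key);
    FILE *f = open_sample();
    if (!f) return -1;
    while (fgets(buf, sizeof buf, f)) {
        int complete = strchr(buf, '\n') != NULL;
        if (!skipping && complete && strncmp(buf, key, kl) == 0 && buf[kl] == '=') n++;
        skipping = !complete;   /* tail chunks are never record starts */
    }
    fclose(f);
    return n;
}

int main(void) {
    printf("naive:  owner=%d id=%d\n", naive_count("owner"), naive_count("id"));
    printf("strict: owner=%d id=%d\n", strict_count("owner"), strict_count("id"));
    return 0;
}
```

The strict reader also rejects a final line that lacks a trailing newline, which is the conservative choice for a state file the writer always terminates.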
Reference(s)
pid1 serialization/deserialization fixes
https://github.com/systemd/systemd/pull/10519/commits/8948b3415d762245ebf5e19d80b97d4d8cc208c1
Bug 1639071 – (CVE-2018-15686) CVE-2018-15686 systemd: Line splitting via fgets() allows for state injection during daemon-reexec
https://bugzilla.redhat.com/show_bug.cgi?id=1639071
systemd: reexec state injection: fgets() on overlong lines leads to line splitting
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402
CVE-2018-15686 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2018-15686
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15686.html
CVE-2018-15686
https://security-tracker.debian.org/tracker/CVE-2018-15686
CVE-2018-15686 | SUSE
https://www.suse.com/security/cve/CVE-2018-15686
CVE-2018-15686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686
CVE-2018-15686
https://nvd.nist.gov/vuln/detail/CVE-2018-15686
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: September 3, 2019