#VU15555 Heap out-of-bounds write in systemd - CVE-2018-15688


| Updated: 2023-03-28

Vulnerability identifier: #VU15555

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-15688

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
systemd
Server applications / Other server solutions

Vendor: Freedesktop.org

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code with elevated privileges.

The weakness exists within the written-from-scratch DHCPv6 client of the open-source Systemd management suite due to an out-of-bounds heap write in the DHCPv6 client when handling options sent by network adjacent DHCP servers. A remote attacker can supply maliciously crafted DHCPv6 packets, exploit the programming cockup, arbitrarily change parts of memory to crash or execute arbitrary code on the vulnerable Systemd-powered Linux machines.

Mitigation
Install update from vendor's website.

Vulnerable software versions

systemd: 174 - 239

External links
https://github.com/systemd/systemd/pull/10518

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Search
Red Hat update for systemd
OpenSUSE Linux update for systemd
OpenSUSE Linux update for systemd
Arch Linux update for systemd
Gentoo update for systemd
Fedora 27 update for NetworkManager
Fedora 28 update for NetworkManager
Fedora 29 update for NetworkManager
Fedora 28 update for systemd