systemd-journald CVE-2018-16864 Stack-Based Buffer Overflow Vulnerability

Bugtraq ID:	106523
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-16864
Remote:	No
Local:	Yes
Published:	Jan 09 2019 12:00AM
Updated:	Apr 17 2019 05:00AM
Credit:	Qualys Research Labs
Vulnerable:	systemd systemd 0 Redhat Virtualization 4 Redhat Enterprise Linux 7 Oracle Linux 7 Oracle Enterprise Session Border Controller 8.2 Oracle Enterprise Session Border Controller 8.1 Oracle Enterprise Session Border Controller 8.0 Oracle Enterprise Communications Broker 3.1 Oracle Enterprise Communications Broker 3.0 Oracle Communications Session Border Controller 8.2 Oracle Communications Session Border Controller 8.1 Oracle Communications Session Border Controller 8.0
Not Vulnerable:

systemd-journald CVE-2018-16864 Stack-Based Buffer Overflow Vulnerability

systemd is prone to a stack-based buffer overflow vulnerability.

Successfully exploiting this vulnerability can allow remote attackers to execute arbitrary code in the context of the application. Failed attempts will likely result in denial-of-service conditions.

systemd-journald CVE-2018-16864 Stack-Based Buffer Overflow Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

systemd-journald CVE-2018-16864 Stack-Based Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

systemd-journald CVE-2018-16864 Stack-Based Buffer Overflow Vulnerability

References:

• systemd Package (freedesktop.org)
  
• journald: do not store the iovec entry for process commandline on stack ()
  
• Oracle Linux Bulletin - (Oracle)
  
• Bug 1653855 (CVE-2018-16864) - CVE-2018-16864 systemd: stack overflow when calli (Red Hat Bugzilla)
  
• CVE-2018-16864 (Red Hat)
  
• Oracle Critical Patch Update Advisory - April 2019 (Oracle)