ID CVE-2019-3815
Summary A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 13-11-2020 - 16:15)
Impact:
Exploitability:
CWE CWE-401
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1666690
    title CVE-2019-3815 systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment libgudev1 is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201001
          • comment libgudev1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092002
        • AND
          • comment libgudev1-devel is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201003
          • comment libgudev1-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092004
        • AND
          • comment systemd is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201005
          • comment systemd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092006
        • AND
          • comment systemd-devel is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201007
          • comment systemd-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092008
        • AND
          • comment systemd-journal-gateway is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201009
          • comment systemd-journal-gateway is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092010
        • AND
          • comment systemd-libs is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201011
          • comment systemd-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092012
        • AND
          • comment systemd-networkd is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201013
          • comment systemd-networkd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092014
        • AND
          • comment systemd-python is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201015
          • comment systemd-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092016
        • AND
          • comment systemd-resolved is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201017
          • comment systemd-resolved is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092018
        • AND
          • comment systemd-sysv is earlier than 0:219-62.el7_6.3
            oval oval:com.redhat.rhsa:tst:20190201019
          • comment systemd-sysv is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092020
    rhsa
    id RHSA-2019:0201
    released 2019-01-29
    severity Low
    title RHSA-2019:0201: systemd security update (Low)
  • rhsa
    id RHBA-2019:0327
rpms
  • libgudev1-0:219-62.el7_6.3
  • libgudev1-devel-0:219-62.el7_6.3
  • systemd-0:219-62.el7_6.3
  • systemd-debuginfo-0:219-62.el7_6.3
  • systemd-devel-0:219-62.el7_6.3
  • systemd-journal-gateway-0:219-62.el7_6.3
  • systemd-libs-0:219-62.el7_6.3
  • systemd-networkd-0:219-62.el7_6.3
  • systemd-python-0:219-62.el7_6.3
  • systemd-resolved-0:219-62.el7_6.3
  • systemd-sysv-0:219-62.el7_6.3
refmap via4
bid 106632
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815
mlist [debian-lts-announce] 20190313 [SECURITY] [DLA 1711-1] systemd security update
Last major update 13-11-2020 - 16:15
Published 28-01-2019 - 15:29
Last modified 13-11-2020 - 16:15
Back to Top