cve/2018/CVE-2018-16865.md

CVE-2018-16865

Description

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.

POC

Reference

• http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html
• http://www.openwall.com/lists/oss-security/2021/07/20/2
• https://www.qualys.com/2019/01/09/system-down/system-down.txt

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/fbreton/lacework
• https://github.com/lacework/up-and-running-packer
• https://github.com/scottford-lw/up-and-running-packer