Vulnerabilities > CVE-2017-15908 - Infinite Loop vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0044.NASL description An update of [openvswitch,systemd,curl,mariadb,bash] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111893 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111893 title Photon OS 1.0: Bash / Curl / Mariadb / Openvswitch / Systemd PHSA-2017-0044 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2017-0044. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111893); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:50"); script_cve_id( "CVE-2016-9401", "CVE-2017-10268", "CVE-2017-10378", "CVE-2017-14970", "CVE-2017-15908", "CVE-2017-1000254" ); script_name(english:"Photon OS 1.0: Bash / Curl / Mariadb / Openvswitch / Systemd PHSA-2017-0044 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of [openvswitch,systemd,curl,mariadb,bash] packages for PhotonOS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-84 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?185d85d0"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14970"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:bash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mariadb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openvswitch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:systemd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "bash-4.3.48-2.ph1", "bash-debuginfo-4.3.48-2.ph1", "bash-lang-4.3.48-2.ph1", "curl-7.54.0-4.ph1", "curl-debuginfo-7.54.0-4.ph1", "mariadb-10.2.10-1.ph1", "mariadb-debuginfo-10.2.10-1.ph1", "mariadb-devel-10.2.10-1.ph1", "mariadb-errmsg-10.2.10-1.ph1", "mariadb-server-10.2.10-1.ph1", "mariadb-server-galera-10.2.10-1.ph1", "openvswitch-2.6.1-5.ph1", "openvswitch-debuginfo-2.6.1-5.ph1", "openvswitch-devel-2.6.1-5.ph1", "openvswitch-doc-2.6.1-5.ph1", "systemd-228-43.ph1", "systemd-debuginfo-228-43.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bash / curl / mariadb / openvswitch / systemd"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-117.NASL description This update for systemd fixes several issues. This security issue was fixed : - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). These non-security issues were fixed : - core: don last seen 2020-06-05 modified 2018-02-01 plugin id 106548 published 2018-02-01 reporter This script is Copyright (C) 2018-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/106548 title openSUSE Security Update : systemd (openSUSE-2018-117) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-117. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(106548); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-15908", "CVE-2018-1049"); script_name(english:"openSUSE Security Update : systemd (openSUSE-2018-117)"); script_summary(english:"Check for the openSUSE-2018-117 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for systemd fixes several issues. This security issue was fixed : - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). These non-security issues were fixed : - core: don't choke if a unit another unit triggers vanishes during reload - delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX - delta: extend skip logic to work on full directory paths (prefix+suffix) (bsc#1070428) - delta: check if a prefix needs to be skipped only once - delta: skip symlink paths when split-usr is enabled (#4591) - sysctl: use raw file descriptor in sysctl_write (#7753) - sd-netlink: don't take possesion of netlink fd from caller on failure (bsc#1074254) - Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It was missing the following case: '/dev/disk/by-id/cr_-xxx'. - sysctl: disable buffer while writing to /proc (bsc#1071558) - Use read_line() and LONG_LINE_MAX to read values configuration files. (bsc#1071558) - sysctl: no need to check for eof twice - def: add new constant LONG_LINE_MAX - fileio: add new helper call read_line() as bounded getline() replacement - service: Don't stop unneeded units needed by restarted service (#7526) (bsc#1066156) - gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280) - gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab (bsc#897422) - fstab-util: introduce fstab_has_fstype() helper - fstab-generator: ignore root=/dev/nfs (#3591) - fstab-generator: don't process root= if it happens to be 'gpt-auto' (#3452) - virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662) (#7581) (bsc#1048510) - analyze: replace --no-man with --man=no in the man page (bsc#1068251) - udev: net_setup_link: don't error out when we couldn't apply link config (#7328) - Add missing /etc/systemd/network directory - Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510) - sd-bus: use -- when passing arguments to ssh (#6706) - systemctl: make sure we terminate the bus connection first, and then close the pager (#3550) - sd-bus: bump message queue size (bsc#1075724) - tmpfiles: downgrade warning about duplicate line This update was imported from the SUSE:SLE-12-SP2:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048510" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065276" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068251" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070428" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1074254" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075724" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1076308" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=897422" ); script_set_attribute( attribute:"solution", value:"Update the affected systemd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-logger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-sysvinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-sysvinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-mini-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-mini-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libudev-devel-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libudev-mini-devel-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libudev-mini1-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libudev-mini1-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libudev1-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libudev1-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"nss-myhostname-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"nss-myhostname-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"nss-mymachines-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"nss-mymachines-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-bash-completion-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-debugsource-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-devel-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-logger-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-bash-completion-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-debugsource-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-devel-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-sysvinit-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"systemd-sysvinit-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"udev-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"udev-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"udev-mini-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"udev-mini-debuginfo-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsystemd0-32bit-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsystemd0-debuginfo-32bit-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libudev1-32bit-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libudev1-debuginfo-32bit-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"nss-myhostname-32bit-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"nss-myhostname-debuginfo-32bit-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"systemd-32bit-228-41.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"systemd-debuginfo-32bit-228-41.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsystemd0-mini / libsystemd0-mini-debuginfo / libudev-mini-devel / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3466-1.NASL description Karim Hossen & Thomas Imbert discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 104213 published 2017-10-27 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104213 title Ubuntu 17.04 / 17.10 : systemd vulnerability (USN-3466-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3466-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(104213); script_version("3.6"); script_cvs_date("Date: 2019/09/18 12:31:47"); script_cve_id("CVE-2017-15908"); script_xref(name:"USN", value:"3466-1"); script_name(english:"Ubuntu 17.04 / 17.10 : systemd vulnerability (USN-3466-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Karim Hossen & Thomas Imbert discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3466-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected systemd package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:systemd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/26"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(17\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 17.04 / 17.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"17.04", pkgname:"systemd", pkgver:"232-21ubuntu7.1")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"systemd", pkgver:"234-2ubuntu12.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3558-1.NASL description Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-15908) It was discovered that systemd incorrectly handled automounted volumes. A local attacker could possibly use this issue to cause applications to hang, resulting in a denial of service. (CVE-2018-1049). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 106620 published 2018-02-06 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106620 title Ubuntu 14.04 LTS / 16.04 LTS : systemd vulnerabilities (USN-3558-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3558-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(106620); script_version("3.5"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2017-15908", "CVE-2018-1049"); script_xref(name:"USN", value:"3558-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : systemd vulnerabilities (USN-3558-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-15908) It was discovered that systemd incorrectly handled automounted volumes. A local attacker could possibly use this issue to cause applications to hang, resulting in a denial of service. (CVE-2018-1049). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3558-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected systemd package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:systemd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/26"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"systemd", pkgver:"204-5ubuntu20.26")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"systemd", pkgver:"229-4ubuntu21.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0044_SYSTEMD.NASL description An update of the systemd package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121759 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121759 title Photon OS 1.0: Systemd PHSA-2017-0044 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2017-0044. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121759); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id("CVE-2017-15908"); script_name(english:"Photon OS 1.0: Systemd PHSA-2017-0044"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the systemd package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-84.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14970"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/15"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:systemd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"systemd-228-43.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"systemd-debuginfo-228-43.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0045.NASL description An update of [go,curl,libtiff,systemd,bash] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111894 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111894 title Photon OS 2.0: Bash / Curl / Go / Libtiff / Systemd PHSA-2017-0045 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2017-0045. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111894); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:50"); script_cve_id( "CVE-2016-9401", "CVE-2017-12944", "CVE-2017-15041", "CVE-2017-15908", "CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254" ); script_name(english:"Photon OS 2.0: Bash / Curl / Go / Libtiff / Systemd PHSA-2017-0045 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of [go,curl,libtiff,systemd,bash] packages for PhotonOS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-2-2 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6dc68905"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15041"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:bash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:go"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libtiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:systemd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "bash-4.4.12-1.ph2", "bash-debuginfo-4.4.12-1.ph2", "bash-devel-4.4.12-1.ph2", "bash-lang-4.4.12-1.ph2", "curl-7.54.1-3.ph2", "curl-debuginfo-7.54.1-3.ph2", "curl-devel-7.54.1-3.ph2", "curl-libs-7.54.1-3.ph2", "go-1.9.1-1.ph2", "go-debuginfo-1.9.1-1.ph2", "libtiff-4.0.8-5.ph2", "libtiff-debuginfo-4.0.8-5.ph2", "libtiff-devel-4.0.8-5.ph2", "systemd-233-11.ph2", "systemd-debuginfo-233-11.ph2", "systemd-devel-233-11.ph2", "systemd-lang-233-11.ph2" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bash / curl / go / libtiff / systemd"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0045_SYSTEMD.NASL description An update of the systemd package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121764 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121764 title Photon OS 2.0: Systemd PHSA-2017-0045 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2017-0045. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121764); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id("CVE-2017-15908"); script_name(english:"Photon OS 2.0: Systemd PHSA-2017-0045"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the systemd package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-2.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15041"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/17"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:systemd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"systemd-233-11.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"systemd-debuginfo-233-11.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"systemd-devel-233-11.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"systemd-lang-233-11.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0299-1.NASL description This update for systemd fixes several issues. This security issue was fixed : - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 106529 published 2018-01-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106529 title SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:0299-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:0299-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(106529); script_version("3.4"); script_cvs_date("Date: 2019/09/10 13:51:46"); script_cve_id("CVE-2017-15908", "CVE-2018-1049"); script_name(english:"SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:0299-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for systemd fixes several issues. This security issue was fixed : - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1048510" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065276" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1066156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1068251" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1070428" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1071558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1074254" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1075724" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076308" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=897422" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-15908/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1049/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20180299-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?711b8113" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-213=1 SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-213=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-213=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-213=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-213=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-213=1 SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-213=1 SUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-213=1 OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-213=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-sysvinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/26"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2/3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", reference:"libsystemd0-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsystemd0-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libudev1-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libudev1-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"systemd-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"systemd-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"systemd-debugsource-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"systemd-sysvinit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"udev-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"udev-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsystemd0-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsystemd0-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libudev1-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libudev1-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"systemd-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"systemd-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsystemd0-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsystemd0-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libudev1-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libudev1-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"systemd-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"systemd-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"systemd-debugsource-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"systemd-sysvinit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"udev-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"udev-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsystemd0-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsystemd0-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libudev1-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libudev1-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"systemd-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"systemd-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsystemd0-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsystemd0-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsystemd0-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsystemd0-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libudev1-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libudev1-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libudev1-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libudev1-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"systemd-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"systemd-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"systemd-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"systemd-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"systemd-debugsource-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"systemd-sysvinit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"udev-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"udev-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsystemd0-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsystemd0-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsystemd0-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsystemd0-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libudev1-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libudev1-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libudev1-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libudev1-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"systemd-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"systemd-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"systemd-debuginfo-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"systemd-debuginfo-32bit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"systemd-debugsource-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"systemd-sysvinit-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"udev-228-150.29.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"udev-debuginfo-228-150.29.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd"); }