CVE-2018-1049 - Race Condition vulnerability in multiple products

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

Vulnerable Configurations

Part         Description      Count
Application  Systemd_Project  123
OS           Redhat           13
OS           Canonical        2
OS           Debian           1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2364.NASL
    description: According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.(CVE-2018-1049) - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.(CVE-2018-15686) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-12-10
    plugin id: 131856
    published: 2019-12-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131856
    title: EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-2364)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131856);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-1049",
        "CVE-2018-15686",
        "CVE-2018-16888"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-2364)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the systemd packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - It was discovered systemd does not correctly check the
        content of PIDFile files before using it to kill
        processes. When a service is run from an unprivileged
        user (e.g. User field set in the service file), a local
        attacker who is able to write to the PIDFile of the
        mentioned service may use this flaw to trick systemd
        into killing other services and/or privileged
        processes. Versions before v237 are
        vulnerable.(CVE-2018-16888)
    
      - In systemd prior to 234 a race condition exists between
        .mount and .automount units such that automount
        requests from kernel may not be serviced by systemd
        resulting in kernel holding the mountpoint and any
        processes that try to use said mount will hang. A race
        condition like this may lead to denial of service,
        until mount points are unmounted.(CVE-2018-1049)
    
      - A vulnerability in unit_deserialize of systemd allows
        an attacker to supply arbitrary state across systemd
        re-execution via NotifyAccess. This can be used to
        improperly influence systemd execution and possibly
        lead to root privilege escalation. Affected releases
        are systemd versions up to and including
        239.(CVE-2018-15686)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2364
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5af84de");
      script_set_attribute(attribute:"solution", value:
    "Update the affected systemd packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libgudev1-219-30.6.h47",
            "libgudev1-devel-219-30.6.h47",
            "systemd-219-30.6.h47",
            "systemd-devel-219-30.6.h47",
            "systemd-libs-219-30.6.h47",
            "systemd-python-219-30.6.h47",
            "systemd-sysv-219-30.6.h47"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-117.NASL
    description: This update for systemd fixes several issues. This security issue was fixed : - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). These non-security issues were fixed : - core: don
    last seen: 2020-06-05
    modified: 2018-02-01
    plugin id: 106548
    published: 2018-02-01
    reporter: This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/106548
    title: openSUSE Security Update : systemd (openSUSE-2018-117)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-117.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106548);
      script_version("3.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-15908", "CVE-2018-1049");
    
      script_name(english:"openSUSE Security Update : systemd (openSUSE-2018-117)");
      script_summary(english:"Check for the openSUSE-2018-117 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for systemd fixes several issues.
    
    This security issue was fixed :
    
      - CVE-2018-1049: Prevent race that can lead to DoS when
        using automounts (bsc#1076308).
    
    These non-security issues were fixed :
    
      - core: don't choke if a unit another unit triggers
        vanishes during reload
    
      - delta: don't ignore PREFIX when the given argument is
        PREFIX/SUFFIX
    
      - delta: extend skip logic to work on full directory paths
        (prefix+suffix) (bsc#1070428)
    
      - delta: check if a prefix needs to be skipped only once
    
      - delta: skip symlink paths when split-usr is enabled
        (#4591)
    
      - sysctl: use raw file descriptor in sysctl_write (#7753)
    
      - sd-netlink: don't take possesion of netlink fd from
        caller on failure (bsc#1074254)
    
      - Fix the regexp used to detect broken by-id symlinks in
        /etc/crypttab It was missing the following case:
        '/dev/disk/by-id/cr_-xxx'.
    
      - sysctl: disable buffer while writing to /proc
        (bsc#1071558)
    
      - Use read_line() and LONG_LINE_MAX to read values
        configuration files. (bsc#1071558)
    
      - sysctl: no need to check for eof twice
    
      - def: add new constant LONG_LINE_MAX
    
      - fileio: add new helper call read_line() as bounded
        getline() replacement
    
      - service: Don't stop unneeded units needed by restarted
        service (#7526) (bsc#1066156)
    
      - gpt-auto-generator: fix the handling of the value
        returned by fstab_has_fstype() in add_swap() (#6280)
    
      - gpt-auto-generator: disable gpt auto logic for swaps if
        at least one is defined in fstab (bsc#897422)
    
      - fstab-util: introduce fstab_has_fstype() helper
    
      - fstab-generator: ignore root=/dev/nfs (#3591)
    
      - fstab-generator: don't process root= if it happens to be
        'gpt-auto' (#3452)
    
      - virt: use XENFEAT_dom0 to detect the hardware domain
        (#6442, #6662) (#7581) (bsc#1048510)
    
      - analyze: replace --no-man with --man=no in the man page
        (bsc#1068251)
    
      - udev: net_setup_link: don't error out when we couldn't
        apply link config (#7328)
    
      - Add missing /etc/systemd/network directory
    
      - Fix parsing of features in detect_vm_xen_dom0 (#7890)
        (bsc#1048510)
    
      - sd-bus: use -- when passing arguments to ssh (#6706)
    
      - systemctl: make sure we terminate the bus connection
        first, and then close the pager (#3550)
    
      - sd-bus: bump message queue size (bsc#1075724)
    
      - tmpfiles: downgrade warning about duplicate line
    
    This update was imported from the SUSE:SLE-12-SP2:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068251"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1074254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075724"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1076308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=897422"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected systemd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-logger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-mini-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-mini-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev-devel-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev-mini-devel-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev-mini1-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev-mini1-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev1-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev1-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"nss-myhostname-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"nss-myhostname-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"nss-mymachines-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"nss-mymachines-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-bash-completion-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-debugsource-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-devel-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-logger-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-bash-completion-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-debugsource-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-devel-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-sysvinit-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-sysvinit-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"udev-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"udev-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"udev-mini-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"udev-mini-debuginfo-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsystemd0-32bit-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsystemd0-debuginfo-32bit-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libudev1-32bit-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libudev1-debuginfo-32bit-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"nss-myhostname-32bit-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"nss-myhostname-debuginfo-32bit-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"systemd-32bit-228-41.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"systemd-debuginfo-32bit-228-41.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsystemd0-mini / libsystemd0-mini-debuginfo / libudev-mini-devel / etc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1580.NASL
    description: systemd was found to suffer from multiple security vulnerabilities ranging from denial of service attacks to possible root privilege escalation. CVE-2018-1049 A race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. CVE-2018-15686 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. CVE-2018-15688 A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd, which is not enabled by default in Debian. For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119039
    published: 2018-11-20
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119039
    title: Debian DLA-1580-1 : systemd security update
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1580-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119039);
      script_version("1.5");
      script_cvs_date("Date: 2019/04/05 23:25:05");
    
      script_cve_id("CVE-2018-1049", "CVE-2018-15686", "CVE-2018-15688");
    
      script_name(english:"Debian DLA-1580-1 : systemd security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "systemd was found to suffer from multiple security vulnerabilities
    ranging from denial of service attacks to possible root privilege
    escalation.
    
    CVE-2018-1049
    
    A race condition exists between .mount and .automount units such that
    automount requests from kernel may not be serviced by systemd
    resulting in kernel holding the mountpoint and any processes that try
    to use said mount will hang. A race condition like this may lead to
    denial of service, until mount points are unmounted.
    
    CVE-2018-15686
    
    A vulnerability in unit_deserialize of systemd allows an attacker to
    supply arbitrary state across systemd re-execution via NotifyAccess.
    This can be used to improperly influence systemd execution and
    possibly lead to root privilege escalation.
    
    CVE-2018-15688
    
    A buffer overflow vulnerability in the dhcp6 client of systemd allows
    a malicious dhcp6 server to overwrite heap memory in systemd-networkd,
    which is not enabled by default in Debian.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    215-17+deb8u8.
    
    We recommend that you upgrade your systemd packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/systemd"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-gudev-1.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgudev-1.0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgudev-1.0-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-daemon-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-daemon0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-id128-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-id128-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-journal-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-journal0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-login-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-login0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libudev-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libudev1-udeb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:systemd-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udev-udeb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/19");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"gir1.2-gudev-1.0", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libgudev-1.0-0", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libgudev-1.0-dev", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpam-systemd", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-daemon-dev", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-daemon0", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-dev", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-id128-0", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-id128-dev", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-journal-dev", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-journal0", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-login-dev", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-login0", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd0", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libudev-dev", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libudev1", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libudev1-udeb", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"python3-systemd", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"systemd", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"systemd-dbg", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"systemd-sysv", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"udev", reference:"215-17+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"udev-udeb", reference:"215-17+deb8u8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-1_0-0167_SYSTEMD.NASL
    description: An update of the systemd package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121866
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121866
    title: Photon OS 1.0: Systemd PHSA-2018-1.0-0167
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0167. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(121866);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");
    
      script_cve_id("CVE-2018-1049");
    
      script_name(english:"Photon OS 1.0: Systemd PHSA-2018-1.0-0167");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the systemd package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-167.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6913");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:systemd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"systemd-228-47.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"systemd-debuginfo-228-47.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3558-1.NASL
    description: Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-15908) It was discovered that systemd incorrectly handled automounted volumes. A local attacker could possibly use this issue to cause applications to hang, resulting in a denial of service. (CVE-2018-1049). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106620
    published: 2018-02-06
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106620
    title: Ubuntu 14.04 LTS / 16.04 LTS : systemd vulnerabilities (USN-3558-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3558-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106620);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2017-15908", "CVE-2018-1049");
      script_xref(name:"USN", value:"3558-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : systemd vulnerabilities (USN-3558-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez
    independently discovered that systemd-resolved incorrectly handled
    certain DNS responses. A remote attacker could possibly use this issue
    to cause systemd to temporarily stop responding, resulting in a denial
    of service. This issue only affected Ubuntu 16.04 LTS.
    (CVE-2017-15908)
    
    It was discovered that systemd incorrectly handled automounted
    volumes. A local attacker could possibly use this issue to cause
    applications to hang, resulting in a denial of service.
    (CVE-2018-1049).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3558-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected systemd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:systemd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"systemd", pkgver:"204-5ubuntu20.26")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"systemd", pkgver:"229-4ubuntu21.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-1_0-0167.NASL
    description: An update of 'vim', 'ntp', 'openjdk', 'libmspack', 'blktrace', 'systemd', 'perl' packages of Photon OS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111946
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111946
    title: Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0167. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111946);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/05 23:25:07");
    
      script_cve_id(
        "CVE-2017-11423",
        "CVE-2017-1000382",
        "CVE-2018-1049",
        "CVE-2018-2938",
        "CVE-2018-2940",
        "CVE-2018-2941",
        "CVE-2018-2942",
        "CVE-2018-2964",
        "CVE-2018-2972",
        "CVE-2018-2973",
        "CVE-2018-6797",
        "CVE-2018-6798",
        "CVE-2018-6913",
        "CVE-2018-7182",
        "CVE-2018-7183",
        "CVE-2018-7184",
        "CVE-2018-7185",
        "CVE-2018-10689"
      );
    
      script_name(english:"Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of 'vim', 'ntp', 'openjdk', 'libmspack', 'blktrace',
    'systemd', 'perl' packages of Photon OS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-1.0-167
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8b270eb8");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6797");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:blktrace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libmspack");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:ntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:vim");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "blktrace-1.1.0-3.ph1",
      "blktrace-debuginfo-1.1.0-3.ph1",
      "libmspack-0.5alpha-4.ph1",
      "libmspack-debuginfo-0.5alpha-4.ph1",
      "ntp-4.2.8p11-1.ph1",
      "ntp-debuginfo-4.2.8p11-1.ph1",
      "openjdk-1.8.0.181-1.ph1",
      "openjdk-debuginfo-1.8.0.181-1.ph1",
      "openjdk-doc-1.8.0.181-1.ph1",
      "openjdk-sample-1.8.0.181-1.ph1",
      "openjdk-src-1.8.0.181-1.ph1",
      "perl-5.24.1-1.ph1",
      "perl-CGI-4.26-3.ph1",
      "perl-Config-IniFiles-2.88-3.ph1",
      "perl-Crypt-SSLeay-0.72-2.ph1",
      "perl-DBD-SQLite-1.50-6.ph1",
      "perl-DBD-SQLite-debuginfo-1.50-6.ph1",
      "perl-DBI-1.634-3.ph1",
      "perl-DBI-debuginfo-1.634-3.ph1",
      "perl-DBIx-Simple-1.35-3.ph1",
      "perl-Exporter-Tiny-0.042-3.ph1",
      "perl-File-HomeDir-1.00-3.ph1",
      "perl-File-Which-1.21-3.ph1",
      "perl-IO-Socket-SSL-2.024-3.ph1",
      "perl-JSON-Any-1.39-3.ph1",
      "perl-JSON-XS-3.01-3.ph1",
      "perl-JSON-XS-debuginfo-3.01-3.ph1",
      "perl-List-MoreUtils-0.413-3.ph1",
      "perl-List-MoreUtils-debuginfo-0.413-3.ph1",
      "perl-Module-Build-0.4216-3.ph1",
      "perl-Module-Install-1.16-3.ph1",
      "perl-Module-ScanDeps-1.18-3.ph1",
      "perl-Net-SSLeay-1.72-3.ph1",
      "perl-Net-SSLeay-debuginfo-1.72-3.ph1",
      "perl-Object-Accessor-0.48-3.ph1",
      "perl-Path-Class-0.37-2.ph1",
      "perl-Try-Tiny-0.28-2.ph1",
      "perl-Types-Serialiser-1.0-3.ph1",
      "perl-WWW-Curl-4.17-4.ph1",
      "perl-WWW-Curl-debuginfo-4.17-4.ph1",
      "perl-YAML-1.15-3.ph1",
      "perl-YAML-Tiny-1.69-3.ph1",
      "perl-common-sense-3.74-3.ph1",
      "perl-debuginfo-5.24.1-1.ph1",
      "perl-libintl-1.24-3.ph1",
      "perl-libintl-debuginfo-1.24-3.ph1",
      "systemd-228-47.ph1",
      "systemd-debuginfo-228-47.ph1",
      "vim-7.4-10.ph1",
      "vim-extra-7.4-10.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "blktrace / libmspack / ntp / openjdk / perl / systemd / vim");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1412.NASL
    description: According to the versions of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.(CVE-2018-16864) - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.(CVE-2018-16865) - An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).(CVE-2019-6454) - A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.(CVE-2018-1049) - It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124915
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124915
    title: EulerOS Virtualization for ARM 64 3.0.1.0 : systemd (EulerOS-SA-2019-1412)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124915);
      script_version("1.6");
      script_cvs_date("Date: 2019/07/02 12:46:54");
    
      script_cve_id(
        "CVE-2018-1049",
        "CVE-2018-15688",
        "CVE-2018-16864",
        "CVE-2018-16865",
        "CVE-2019-6454"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : systemd (EulerOS-SA-2019-1412)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the systemd packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - An allocation of memory without limits, that could
        result in the stack clashing with another memory
        region, was discovered in systemd-journald when a
        program with long command line arguments calls syslog.
        A local attacker may use this flaw to crash
        systemd-journald or escalate his privileges. Versions
        through v240 are vulnerable.(CVE-2018-16864)
    
      - An allocation of memory without limits, that could
        result in the stack clashing with another memory
        region, was discovered in systemd-journald when many
        entries are sent to the journal socket. A local
        attacker, or a remote one if systemd-journal-remote is
        used, may use this flaw to crash systemd-journald or
        execute code with journald privileges. Versions through
        v240 are vulnerable.(CVE-2018-16865)
    
      - An issue was discovered in sd-bus in systemd 239.
        bus_process_object() in libsystemd/sd-bus/bus-objects.c
        allocates a variable-length stack buffer for
        temporarily storing the object path of incoming D-Bus
        messages. An unprivileged local user can exploit this
        by sending a specially crafted message to PID1, causing
        the stack pointer to jump over the stack guard pages
        into an unmapped memory region and trigger a denial of
        service (systemd PID1 crash and kernel
        panic).(CVE-2019-6454)
    
      - A race condition was found in systemd. This could
        result in automount requests not being serviced and
        processes using them could hang, causing denial of
        service.(CVE-2018-1049)
    
      - It was discovered that systemd-network does not
        correctly keep track of a buffer size when constructing
        DHCPv6 packets. This flaw may lead to an integer
        underflow that can be used to produce an heap-based
        buffer overflow. A malicious host on the same network
        segment as the victim's one may advertise itself as a
        DHCPv6 server and exploit this flaw to cause a Denial
        of Service or potentially gain code execution on the
        victim's machine.(CVE-2018-15688)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1412
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3c0b4fd4");
      script_set_attribute(attribute:"solution", value:
    "Update the affected systemd packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-networkd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-resolved");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["libgudev1-219-57.h82",
            "systemd-219-57.h82",
            "systemd-libs-219-57.h82",
            "systemd-networkd-219-57.h82",
            "systemd-python-219-57.h82",
            "systemd-resolved-219-57.h82",
            "systemd-sysv-219-57.h82"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2018-961.NASL
    description: Access to automounted volumes can lock up. A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.(CVE-2018-1049)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 109129
    published: 2018-04-18
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109129
    title: Amazon Linux 2 : systemd (ALAS-2018-961)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2018-961.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109129);
      script_version("1.1");
      script_cvs_date("Date: 2018/04/18 15:09:32");
    
      script_cve_id("CVE-2018-1049");
      script_xref(name:"ALAS", value:"2018-961");
    
      script_name(english:"Amazon Linux 2 : systemd (ALAS-2018-961)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Access to automounted volumes can lock up
    
    A race condition was found in systemd. This could result in automount
    requests not being serviced and processes using them could hang,
    causing denial of service.(CVE-2018-1049)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2018-961.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update systemd' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libgudev1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-journal-gateway");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-networkd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-resolved");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libgudev1-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libgudev1-devel-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"systemd-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"systemd-debuginfo-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"systemd-devel-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"systemd-journal-gateway-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"systemd-libs-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"systemd-networkd-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"systemd-python-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"systemd-resolved-219-42.amzn2.7")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"systemd-sysv-219-42.amzn2.7")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgudev1 / libgudev1-devel / systemd / systemd-debuginfo / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2018-0260.NASL
    description: An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106553
    published: 2018-02-01
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106553
    title: RHEL 7 : systemd (RHSA-2018:0260)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2018-0260.NASL
    description: From Red Hat Security Advisory 2018:0260 : An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106571
    published: 2018-02-02
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106571
    title: Oracle Linux 7 : systemd (ELSA-2018-0260)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-2_0-0076_SYSTEMD.NASL
    description: An update of the systemd package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121972
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121972
    title: Photon OS 2.0: Systemd PHSA-2018-2.0-0076
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-2_0-0076.NASL
    description: An update of 'vim', 'blktrace', 'systemd' packages of Photon OS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111960
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111960
    title: Photon OS 2.0: Blktrace / Systemd / Vim PHSA-2018-2.0-0076 (deprecated)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0014_SYSTEMD.NASL
    description: The remote NewStart CGSL host, running version MAIN 5.04, has systemd packages installed that are affected by a vulnerability: - A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127166
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127166
    title: NewStart CGSL MAIN 5.04 : systemd Vulnerability (NS-SA-2019-0014)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1243.NASL
    description: According to the version of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. (CVE-2018-1049) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 117552
    published: 2018-09-18
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/117552
    title: EulerOS Virtualization 2.5.0 : systemd (EulerOS-SA-2018-1243)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20180131_SYSTEMD_ON_SL7_X.NASL
    description: Security Fix(es) : - A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049)
    last seen: 2020-03-18
    modified: 2018-02-01
    plugin id: 106554
    published: 2018-02-01
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106554
    title: Scientific Linux Security Update : systemd on SL7.x x86_64 (20180131)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2018-0260.NASL
    description: An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106566
    published: 2018-02-02
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106566
    title: CentOS 7 : systemd (CESA-2018:0260)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-0299-1.NASL
    description: This update for systemd fixes several issues. This security issue was fixed : - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106529
    published: 2018-01-31
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106529
    title: SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:0299-1)

Redhat

advisories
bugzilla
id: 1534701
title: CVE-2018-1049 systemd: automount: access to automounted volumes can lock up
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 7 is installed
      oval: oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment: libgudev1-devel is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260001
        • comment: libgudev1-devel is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092018
      • AND
        • comment: systemd-libs is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260003
        • comment: systemd-libs is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092016
      • AND
        • comment: systemd-devel is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260005
        • comment: systemd-devel is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092020
      • AND
        • comment: systemd is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260007
        • comment: systemd is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092014
      • AND
        • comment: libgudev1 is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260009
        • comment: libgudev1 is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092010
      • AND
        • comment: systemd-sysv is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260011
        • comment: systemd-sysv is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092008
      • AND
        • comment: systemd-python is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260013
        • comment: systemd-python is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092012
      • AND
        • comment: systemd-journal-gateway is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260015
        • comment: systemd-journal-gateway is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092006
      • AND
        • comment: systemd-resolved is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260017
        • comment: systemd-resolved is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092002
      • AND
        • comment: systemd-networkd is earlier than 0:219-42.el7_4.7
          oval: oval:com.redhat.rhsa:tst:20180260019
        • comment: systemd-networkd is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092004
rhsa
id: RHSA-2018:0260
released: 2018-01-31
severity: Moderate
title: RHSA-2018:0260: systemd security update (Moderate)
rpms
  • libgudev1-0:219-42.el7_4.7
  • libgudev1-devel-0:219-42.el7_4.7
  • systemd-0:219-42.el7_4.7
  • systemd-debuginfo-0:219-42.el7_4.7
  • systemd-devel-0:219-42.el7_4.7
  • systemd-journal-gateway-0:219-42.el7_4.7
  • systemd-libs-0:219-42.el7_4.7
  • systemd-networkd-0:219-42.el7_4.7
  • systemd-python-0:219-42.el7_4.7
  • systemd-resolved-0:219-42.el7_4.7
  • systemd-sysv-0:219-42.el7_4.7