Vulnerabilities > CVE-2018-15686 - Deserialization of Untrusted Data vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| OS | 3 | |
| Application | 3 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| file | exploits/linux/dos/45714.c |
| id | EDB-ID:45714 |
| last seen | 2018-11-30 |
| modified | 2018-10-29 |
| platform | linux |
| port | |
| published | 2018-10-29 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/45714 |
| title | systemd - 'reexec' State Injection |
| type | dos |
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2364.NASL description According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.(CVE-2018-1049) - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.(CVE-2018-15686) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131856 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131856 title EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-2364) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131856); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2018-1049", "CVE-2018-15686", "CVE-2018-16888" ); script_name(english:"EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-2364)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.(CVE-2018-1049) - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.(CVE-2018-15686) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2364 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5af84de"); script_set_attribute(attribute:"solution", value: "Update the affected systemd packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-sysv"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libgudev1-219-30.6.h47", "libgudev1-devel-219-30.6.h47", "systemd-219-30.6.h47", "systemd-devel-219-30.6.h47", "systemd-libs-219-30.6.h47", "systemd-python-219-30.6.h47", "systemd-sysv-219-30.6.h47"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd"); }NASL family Fedora Local Security Checks NASL id FEDORA_2018-24BD6C9D4A.NASL description - Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1643367) - Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1643372) - Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1643362) - Downgrade logging of various messages and add loging in other places - Many many fixes in error handling and minor memory leaks and such - Fix typos and omissions in documentation - Various smaller improvements to unit ordering and dependencies - Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues - The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. - Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user threads are used by bpfilter. - Catalog entries for the journal are improved (#1639482) No need to reboot or log out. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120295 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120295 title Fedora 28 : systemd (2018-24bd6c9d4a) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-24bd6c9d4a. # include("compat.inc"); if (description) { script_id(120295); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"); script_xref(name:"FEDORA", value:"2018-24bd6c9d4a"); script_name(english:"Fedora 28 : systemd (2018-24bd6c9d4a)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1643367) - Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1643372) - Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1643362) - Downgrade logging of various messages and add loging in other places - Many many fixes in error handling and minor memory leaks and such - Fix typos and omissions in documentation - Various smaller improvements to unit ordering and dependencies - Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues - The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. - Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user threads are used by bpfilter. - Catalog entries for the journal are improved (#1639482) No need to reboot or log out. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-24bd6c9d4a" ); script_set_attribute( attribute:"solution", value:"Update the affected systemd package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:systemd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/26"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"systemd-238-10.git438ac26.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3222.NASL description An update for systemd is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Layered slices are left in a last seen 2020-06-01 modified 2020-06-02 plugin id 130377 published 2019-10-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130377 title RHEL 7 : systemd (RHSA-2019:3222) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:3222. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(130377); script_version("1.3"); script_cvs_date("Date: 2020/01/15"); script_cve_id("CVE-2018-15686", "CVE-2018-16866"); script_xref(name:"RHSA", value:"2019:3222"); script_name(english:"RHEL 7 : systemd (RHSA-2019:3222)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for systemd is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Layered slices are left in a 'dead' state if slices are stopped that have child slices underneath (BZ#1729227)" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:3222" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-15686" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-16866" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-gateway"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-networkd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-resolved"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-sysv"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/26"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2019:3222"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", sp:"6", reference:"libgudev1-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390", reference:"libgudev1-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libgudev1-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", reference:"libgudev1-devel-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390", reference:"libgudev1-devel-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libgudev1-devel-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", reference:"systemd-debuginfo-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390", reference:"systemd-debuginfo-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-debuginfo-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", reference:"systemd-devel-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390", reference:"systemd-devel-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-devel-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-journal-gateway-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-journal-gateway-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", reference:"systemd-libs-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390", reference:"systemd-libs-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-libs-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-networkd-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-networkd-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-python-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-python-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", reference:"systemd-resolved-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390", reference:"systemd-resolved-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-resolved-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-sysv-219-62.el7_6.11")) flag++; if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-sysv-219-62.el7_6.11")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgudev1 / libgudev1-devel / systemd / systemd-debuginfo / etc"); } }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0203_BINUTILS.NASL description An update of the binutils package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 122014 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122014 title Photon OS 1.0: Binutils PHSA-2019-1.0-0203 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-1.0-0203. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(122014); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id( "CVE-2018-17794", "CVE-2018-18484", "CVE-2018-18605", "CVE-2018-18606", "CVE-2018-18607" ); script_name(english:"Photon OS 1.0: Binutils PHSA-2019-1.0-0203"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the binutils package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-203.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15686"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/18"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils"); }NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0196_SYSTEMD.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has systemd packages installed that are affected by multiple vulnerabilities: - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re- execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. (CVE-2018-15686) - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. (CVE-2018-16888) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon last seen 2020-06-01 modified 2020-06-02 plugin id 129929 published 2019-10-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129929 title NewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0196) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0196. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(129929); script_version("1.2"); script_cvs_date("Date: 2019/10/17 14:31:05"); script_cve_id("CVE-2018-15686", "CVE-2018-16866", "CVE-2018-16888"); script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0196)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has systemd packages installed that are affected by multiple vulnerabilities: - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re- execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. (CVE-2018-15686) - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. (CVE-2018-16888) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. (CVE-2018-16866) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0196"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL systemd packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15686"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/26"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL CORE 5.04" && release !~ "CGSL MAIN 5.04") audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL CORE 5.04": [ "libgudev1-219-67.el7.cgslv5.0.14.g2212dcb.lite", "libgudev1-devel-219-67.el7.cgslv5.0.14.g2212dcb.lite", "systemd-219-67.el7.cgslv5.0.14.g2212dcb.lite", "systemd-debuginfo-219-67.el7.cgslv5.0.14.g2212dcb.lite", "systemd-devel-219-67.el7.cgslv5.0.14.g2212dcb.lite", "systemd-journal-gateway-219-67.el7.cgslv5.0.14.g2212dcb.lite", "systemd-libs-219-67.el7.cgslv5.0.14.g2212dcb.lite", "systemd-networkd-219-67.el7.cgslv5.0.14.g2212dcb.lite", "systemd-python-219-67.el7.cgslv5.0.14.g2212dcb.lite", "systemd-resolved-219-67.el7.cgslv5.0.14.g2212dcb.lite", "systemd-sysv-219-67.el7.cgslv5.0.14.g2212dcb.lite" ], "CGSL MAIN 5.04": [ "libgudev1-219-67.el7.cgslv5.0.10.gf4ec716", "libgudev1-devel-219-67.el7.cgslv5.0.10.gf4ec716", "systemd-219-67.el7.cgslv5.0.10.gf4ec716", "systemd-debuginfo-219-67.el7.cgslv5.0.10.gf4ec716", "systemd-devel-219-67.el7.cgslv5.0.10.gf4ec716", "systemd-journal-gateway-219-67.el7.cgslv5.0.10.gf4ec716", "systemd-libs-219-67.el7.cgslv5.0.10.gf4ec716", "systemd-networkd-219-67.el7.cgslv5.0.10.gf4ec716", "systemd-python-219-67.el7.cgslv5.0.10.gf4ec716", "systemd-resolved-219-67.el7.cgslv5.0.10.gf4ec716", "systemd-sysv-219-67.el7.cgslv5.0.10.gf4ec716" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0203_STRONGSWAN.NASL description An update of the strongswan package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 122019 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122019 title Photon OS 1.0: Strongswan PHSA-2019-1.0-0203 NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3767-2.NASL description This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: dhcp6: split assert_return() to be more debuggable when hit core: skip unit deserialization and move to the next one when unit_deserialize() fails core: properly handle deserialization of unknown unit types (#6476) core: don last seen 2020-06-01 modified 2020-06-02 plugin id 119575 published 2018-12-11 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119575 title SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0203_NET.NASL description An update of the net package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 122017 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122017 title Photon OS 1.0: Net PHSA-2019-1.0-0203 NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1580.NASL description systemd was found to suffer from multiple security vulnerabilities ranging from denial of service attacks to possible root privilege escalation. CVE-2018-1049 A race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. CVE-2018-15686 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. CVE-2018-15688 A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd, which is not enabled by default in Debian. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 119039 published 2018-11-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119039 title Debian DLA-1580-1 : systemd security update NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2091.NASL description An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) * systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128350 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128350 title CentOS 7 : systemd (CESA-2019:2091) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0203_CURL.NASL description An update of the curl package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 122015 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122015 title Photon OS 1.0: Curl PHSA-2019-1.0-0203 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2232.NASL description According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.(CVE-2018-15686) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon last seen 2020-05-08 modified 2019-11-08 plugin id 130694 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130694 title EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-2232) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1264.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1264 advisory. - systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) - systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-04-01 plugin id 135087 published 2020-04-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135087 title RHEL 7 : systemd (RHSA-2020:1264) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2091.NASL description An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) * systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127669 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127669 title RHEL 7 : systemd (RHSA-2019:2091) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1998.NASL description According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. In some configurations a local user could use this vulnerability to get access to arbitrary files when the systemd-tmpfiles command is run.(CVE-2018-6954) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon last seen 2020-05-08 modified 2019-09-24 plugin id 129191 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129191 title EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1998) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3816-1.NASL description Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118907 published 2018-11-13 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118907 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerabilities (USN-3816-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1451.NASL description According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon last seen 2020-04-30 modified 2020-04-16 plugin id 135613 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135613 title EulerOS Virtualization 3.0.2.2 : systemd (EulerOS-SA-2020-1451) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0054-1.NASL description This update for systemd fixes the following issues : Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323): Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability in unit_deserialize of systemd used to allow an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This could have been used to improperly influence systemd execution and possibly lead to root privilege escalation. Remedy 2048 character line-length limit in systemd-sysctl code that would cause parser failures if /etc/sysctl.conf contained lines that exceeded this length (bsc#1071558). Fix a bug in systemd last seen 2020-06-01 modified 2020-06-02 plugin id 121061 published 2019-01-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121061 title SUSE SLES12 Security Update : systemd (SUSE-SU-2019:0054-1) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0242_SYSTEMD.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has systemd packages installed that are affected by multiple vulnerabilities: - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re- execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. (CVE-2018-15686) - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. (CVE-2018-16888) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon last seen 2020-06-01 modified 2020-06-02 plugin id 132460 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132460 title NewStart CGSL CORE 5.05 / MAIN 5.05 : systemd Multiple Vulnerabilities (NS-SA-2019-0242) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-909.NASL description This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed : - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don last seen 2020-06-01 modified 2020-06-02 plugin id 123371 published 2019-03-27 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123371 title openSUSE Security Update : systemd (openSUSE-2019-909) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3816-2.NASL description USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory details : Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 119043 published 2018-11-20 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119043 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerability (USN-3816-2) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0053-1.NASL description This update for systemd fixes the following issues : Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323): Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability in unit_deserialize of systemd used to allow an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This could have been used to improperly influence systemd execution and possibly lead to root privilege escalation. Remedy 2048 character line-length limit in systemd-sysctl code that would cause parser failures if /etc/sysctl.conf contained lines that exceeded this length (bsc#1071558). Fix a bug in systemd last seen 2020-06-01 modified 2020-06-02 plugin id 121060 published 2019-01-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121060 title SUSE SLES12 Security Update : systemd (SUSE-SU-2019:0053-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3816-3.NASL description USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. We apologize for the inconvenience. Original advisory details : Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 119253 published 2018-11-28 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119253 title Ubuntu 16.04 LTS : systemd regression (USN-3816-3) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0203_HTTPD.NASL description An update of the httpd package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 122016 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122016 title Photon OS 1.0: Httpd PHSA-2019-1.0-0203 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0593.NASL description An update for systemd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2020-02-26 plugin id 134065 published 2020-02-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134065 title RHEL 7 : systemd (RHSA-2020:0593) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1216.NASL description According to the versions of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon last seen 2020-03-19 modified 2020-03-13 plugin id 134505 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134505 title EulerOS Virtualization for ARM 64 3.0.2.0 : systemd (EulerOS-SA-2020-1216) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3767-1.NASL description This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: dhcp6: split assert_return() to be more debuggable when hit core: skip unit deserialization and move to the next one when unit_deserialize() fails core: properly handle deserialization of unknown unit types (#6476) core: don last seen 2020-06-01 modified 2020-06-02 plugin id 118965 published 2018-11-15 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118965 title SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-1) NASL family Fedora Local Security Checks NASL id FEDORA_2018-C402EEA18B.NASL description - Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076) - Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071) - Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067) - The DHCP server is started only when link is UP - DHCPv6 prefix delegation is improved - Downgrade logging of various messages and add loging in other places - Many many fixes in error handling and minor memory leaks and such - Fix typos and omissions in documentation - Typo in %%_environmnentdir rpm macro is fixed (with backwards compatibility preserved) - Matching by MACAddress= in systemd-networkd is fixed - Creation of user runtime directories is improved, and the user manager is only stopped after 10 s after the user logs out (#1642460 and other bugs) - systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0 - Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression. - last seen 2020-06-05 modified 2019-01-03 plugin id 120769 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120769 title Fedora 29 : systemd (2018-c402eea18b) NASL family Scientific Linux Local Security Checks NASL id SL_20190806_SYSTEMD_ON_SL7_X.NASL description Security Fix(es) : - systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) - systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) - systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888) last seen 2020-03-18 modified 2019-08-27 plugin id 128265 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128265 title Scientific Linux Security Update : systemd on SL7.x x86_64 (20190806) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1382.NASL description This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed : - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don last seen 2020-06-05 modified 2018-11-11 plugin id 118878 published 2018-11-11 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118878 title openSUSE Security Update : systemd (openSUSE-2018-1382) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0203_SYSTEMD.NASL description An update of the systemd package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 122020 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122020 title Photon OS 1.0: Systemd PHSA-2019-1.0-0203 NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3644-1.NASL description This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed: dhcp6: split assert_return() to be more debuggable when hit core: skip unit deserialization and move to the next one when unit_deserialize() fails core: properly handle deserialization of unknown unit types (#6476) core: don last seen 2020-06-01 modified 2020-06-02 plugin id 120157 published 2019-01-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120157 title SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2018:3644-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0203_PYTHON2.NASL description An update of the python2 package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 122018 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122018 title Photon OS 1.0: Python2 PHSA-2019-1.0-0203 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201810-10.NASL description The remote host is affected by the vulnerability described in GLSA-201810-10 (systemd: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code, cause a Denial of Service condition, or gain escalated privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 118510 published 2018-10-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118510 title GLSA-201810-10 : systemd: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1423.NASL description This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed : - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don last seen 2020-06-05 modified 2018-11-19 plugin id 119028 published 2018-11-19 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119028 title openSUSE Security Update : systemd (openSUSE-2018-1423)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/149972/GS20181026152657.txt |
| id | PACKETSTORM:149972 |
| last seen | 2018-10-26 |
| published | 2018-10-26 |
| reporter | Jann Horn |
| source | https://packetstormsecurity.com/files/149972/Linux-systemd-Line-Splitting.html |
| title | Linux systemd Line Splitting |
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- https://github.com/systemd/systemd/pull/10519
- http://www.securityfocus.com/bid/105747
- https://www.exploit-db.com/exploits/45714/
- https://security.gentoo.org/glsa/201810-10
- https://usn.ubuntu.com/3816-1/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
- https://access.redhat.com/errata/RHSA-2019:2091
- https://access.redhat.com/errata/RHSA-2019:3222
- https://access.redhat.com/errata/RHSA-2020:0593
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E