CVE-2018-15686 - Deserialization of Untrusted Data vulnerability in multiple products

CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, debian, canonical, systemd-project, oracle, CWE-502, nessus, exploit available

Summary

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

Vulnerable Configurations

Part         Description      Count
OS           Debian           1
OS           Canonical        3
Application  Systemd_Project  128
Application  Oracle           1

Common Weakness Enumeration (CWE)

Exploit-Db

file: exploits/linux/dos/45714.c
id: EDB-ID:45714
last seen: 2018-11-30
modified: 2018-10-29
platform: linux
port:
published: 2018-10-29
reporter: Exploit-DB
source: https://www.exploit-db.com/download/45714
title: systemd - 'reexec' State Injection
type: dos

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2364.NASL
    description: According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.(CVE-2018-1049) - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.(CVE-2018-15686) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-08
    modified: 2019-12-10
    plugin id: 131856
    published: 2019-12-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131856
    title: EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-2364)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131856);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-1049",
        "CVE-2018-15686",
        "CVE-2018-16888"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-2364)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the systemd packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - It was discovered systemd does not correctly check the
        content of PIDFile files before using it to kill
        processes. When a service is run from an unprivileged
        user (e.g. User field set in the service file), a local
        attacker who is able to write to the PIDFile of the
        mentioned service may use this flaw to trick systemd
        into killing other services and/or privileged
        processes. Versions before v237 are
        vulnerable.(CVE-2018-16888)
    
      - In systemd prior to 234 a race condition exists between
        .mount and .automount units such that automount
        requests from kernel may not be serviced by systemd
        resulting in kernel holding the mountpoint and any
        processes that try to use said mount will hang. A race
        condition like this may lead to denial of service,
        until mount points are unmounted.(CVE-2018-1049)
    
      - A vulnerability in unit_deserialize of systemd allows
        an attacker to supply arbitrary state across systemd
        re-execution via NotifyAccess. This can be used to
        improperly influence systemd execution and possibly
        lead to root privilege escalation. Affected releases
        are systemd versions up to and including
        239.(CVE-2018-15686)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2364
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5af84de");
      script_set_attribute(attribute:"solution", value:
    "Update the affected systemd packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libgudev1-219-30.6.h47",
            "libgudev1-devel-219-30.6.h47",
            "systemd-219-30.6.h47",
            "systemd-devel-219-30.6.h47",
            "systemd-libs-219-30.6.h47",
            "systemd-python-219-30.6.h47",
            "systemd-sysv-219-30.6.h47"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-24BD6C9D4A.NASL
    description: - Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1643367) - Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1643372) - Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1643362) - Downgrade logging of various messages and add logging in other places - Many many fixes in error handling and minor memory leaks and such - Fix typos and omissions in documentation - Various smaller improvements to unit ordering and dependencies - Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues - The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. - Filtering of kernel threads is improved. This fixes an issue with newer kernels where hybrid kernel/user threads are used by bpfilter. - Catalog entries for the journal are improved (#1639482) No need to reboot or log out. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-03
    plugin id: 120295
    published: 2019-01-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120295
    title: Fedora 28 : systemd (2018-24bd6c9d4a)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-24bd6c9d4a.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120295);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688");
      script_xref(name:"FEDORA", value:"2018-24bd6c9d4a");
    
      script_name(english:"Fedora 28 : systemd (2018-24bd6c9d4a)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fix a local vulnerability from a race condition in
        chown-recursive (CVE-2018-15687, #1643367)
    
      - Fix a local vulnerability from invalid handling of long
        lines in state deserialization (CVE-2018-15686,
        #1643372)
    
      - Fix a remote vulnerability in DHCPv6 in systemd-networkd
        (CVE-2018-15688, #1643362)
    
      - Downgrade logging of various messages and add loging in
        other places
    
      - Many many fixes in error handling and minor memory leaks
        and such
    
      - Fix typos and omissions in documentation
    
      - Various smaller improvements to unit ordering and
        dependencies
    
      - Handling of invalid (intentionally corrupt) dbus
        messages is improved, fixing potential local DOS avenues
    
      - The target of symlinks links in .wants/ and .requires/
        is now ignored. This fixes an issue where the unit file
        would sometimes be loaded from such a symlink, leading
        to non-deterministic unit contents.
    
      - Filtering of kernel threads is improved. This fixes an
        issues with newer kernels where hybrid kernel/user
        threads are used by bpfilter.
    
      - Catalog entries for the journal are improved (#1639482)
    
    No need to reboot or log out.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-24bd6c9d4a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected systemd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:systemd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"systemd-238-10.git438ac26.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-3222.NASL
    description: An update for systemd is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Layered slices are left in a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130377
    published: 2019-10-30
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130377
    title: RHEL 7 : systemd (RHSA-2019:3222)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:3222. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130377);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2018-15686", "CVE-2018-16866");
      script_xref(name:"RHSA", value:"2019:3222");
    
      script_name(english:"RHEL 7 : systemd (RHSA-2019:3222)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for systemd is now available for Red Hat Enterprise Linux
    7.6 Extended Update Support.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The systemd packages contain systemd, a system and service manager for
    Linux, compatible with the SysV and LSB init scripts. It provides
    aggressive parallelism capabilities, uses socket and D-Bus activation
    for starting services, offers on-demand starting of daemons, and keeps
    track of processes using Linux cgroups. In addition, it supports
    snapshotting and restoring of the system state, maintains mount and
    automount points, and implements an elaborate transactional
    dependency-based service control logic. It can also work as a drop-in
    replacement for sysvinit.
    
    Security Fix(es) :
    
    * systemd: line splitting via fgets() allows for state injection
    during daemon-reexec (CVE-2018-15686)
    
    * systemd: out-of-bounds read when parsing a crafted syslog message
    (CVE-2018-16866)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Bug Fix(es) :
    
    * Layered slices are left in a 'dead' state if slices are stopped that
    have child slices underneath (BZ#1729227)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:3222"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-15686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-16866"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-gateway");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-networkd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-resolved");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:3222";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", sp:"6", reference:"libgudev1-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390", reference:"libgudev1-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libgudev1-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", reference:"libgudev1-devel-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390", reference:"libgudev1-devel-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libgudev1-devel-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", reference:"systemd-debuginfo-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390", reference:"systemd-debuginfo-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-debuginfo-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", reference:"systemd-devel-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390", reference:"systemd-devel-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-devel-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-journal-gateway-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-journal-gateway-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", reference:"systemd-libs-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390", reference:"systemd-libs-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-libs-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-networkd-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-networkd-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-python-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-python-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", reference:"systemd-resolved-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390", reference:"systemd-resolved-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-resolved-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"systemd-sysv-219-62.el7_6.11")) flag++;
    
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"systemd-sysv-219-62.el7_6.11")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgudev1 / libgudev1-devel / systemd / systemd-debuginfo / etc");
      }
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0203_BINUTILS.NASL
    description: An update of the binutils package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 122014
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122014
    title: Photon OS 1.0: Binutils PHSA-2019-1.0-0203
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-1.0-0203. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(122014);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");
    
      script_cve_id(
        "CVE-2018-17794",
        "CVE-2018-18484",
        "CVE-2018-18605",
        "CVE-2018-18606",
        "CVE-2018-18607"
      );
    
      script_name(english:"Photon OS 1.0: Binutils PHSA-2019-1.0-0203");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the binutils package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-203.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15686");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.31-2.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils");
    }
    
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0196_SYSTEMD.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has systemd packages installed that are affected by multiple vulnerabilities: - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. (CVE-2018-15686) - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. (CVE-2018-16888) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129929
    published: 2019-10-15
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129929
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0196)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0196. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129929);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/17 14:31:05");
    
      script_cve_id("CVE-2018-15686", "CVE-2018-16866", "CVE-2018-16888");
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0196)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has systemd packages installed that are affected
    by multiple vulnerabilities:
    
      - A vulnerability in unit_deserialize of systemd allows an
        attacker to supply arbitrary state across systemd re-
        execution via NotifyAccess. This can be used to
        improperly influence systemd execution and possibly lead
        to root privilege escalation. Affected releases are
        systemd versions up to and including 239.
        (CVE-2018-15686)
    
      - It was discovered systemd does not correctly check the
        content of PIDFile files before using it to kill
        processes. When a service is run from an unprivileged
        user (e.g. User field set in the service file), a local
        attacker who is able to write to the PIDFile of the
        mentioned service may use this flaw to trick systemd
        into killing other services and/or privileged processes.
        Versions before v237 are vulnerable. (CVE-2018-16888)
    
      - An out of bounds read was discovered in systemd-journald
        in the way it parses log messages that terminate with a
        colon ':'. A local attacker can use this flaw to
        disclose process memory data. Versions from v221 to v239
        are vulnerable. (CVE-2018-16866)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0196");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL systemd packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15686");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "libgudev1-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "libgudev1-devel-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "systemd-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "systemd-debuginfo-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "systemd-devel-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "systemd-journal-gateway-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "systemd-libs-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "systemd-networkd-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "systemd-python-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "systemd-resolved-219-67.el7.cgslv5.0.14.g2212dcb.lite",
        "systemd-sysv-219-67.el7.cgslv5.0.14.g2212dcb.lite"
      ],
      "CGSL MAIN 5.04": [
        "libgudev1-219-67.el7.cgslv5.0.10.gf4ec716",
        "libgudev1-devel-219-67.el7.cgslv5.0.10.gf4ec716",
        "systemd-219-67.el7.cgslv5.0.10.gf4ec716",
        "systemd-debuginfo-219-67.el7.cgslv5.0.10.gf4ec716",
        "systemd-devel-219-67.el7.cgslv5.0.10.gf4ec716",
        "systemd-journal-gateway-219-67.el7.cgslv5.0.10.gf4ec716",
        "systemd-libs-219-67.el7.cgslv5.0.10.gf4ec716",
        "systemd-networkd-219-67.el7.cgslv5.0.10.gf4ec716",
        "systemd-python-219-67.el7.cgslv5.0.10.gf4ec716",
        "systemd-resolved-219-67.el7.cgslv5.0.10.gf4ec716",
        "systemd-sysv-219-67.el7.cgslv5.0.10.gf4ec716"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0203_STRONGSWAN.NASL
    description: An update of the strongswan package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 122019
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122019
    title: Photon OS 1.0: Strongswan PHSA-2019-1.0-0203
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-3767-2.NASL
    description: This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: dhcp6: split assert_return() to be more debuggable when hit core: skip unit deserialization and move to the next one when unit_deserialize() fails core: properly handle deserialization of unknown unit types (#6476) core: don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119575
    published: 2018-12-11
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119575
    title: SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0203_NET.NASL
    description: An update of the net package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122017
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122017
    title: Photon OS 1.0: Net PHSA-2019-1.0-0203
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1580.NASL
    description: systemd was found to suffer from multiple security vulnerabilities ranging from denial of service attacks to possible root privilege escalation. CVE-2018-1049 A race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. CVE-2018-15686 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. CVE-2018-15688 A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd, which is not enabled by default in Debian. For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119039
    published: 2018-11-20
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119039
    title: Debian DLA-1580-1 : systemd security update
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2019-2091.NASL
    description: An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) * systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128350
    published: 2019-08-30
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128350
    title: CentOS 7 : systemd (CESA-2019:2091)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0203_CURL.NASL
    description: An update of the curl package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 122015
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122015
    title: Photon OS 1.0: Curl PHSA-2019-1.0-0203
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2232.NASL
    description: According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.(CVE-2018-15686) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon
    last seen: 2020-05-08
    modified: 2019-11-08
    plugin id: 130694
    published: 2019-11-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130694
    title: EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-2232)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-1264.NASL
    description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1264 advisory. - systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) - systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-04-23
    modified: 2020-04-01
    plugin id: 135087
    published: 2020-04-01
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135087
    title: RHEL 7 : systemd (RHSA-2020:1264)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-2091.NASL
    description: An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) * systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127669
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127669
    title: RHEL 7 : systemd (RHSA-2019:2091)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1998.NASL
    description: According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. In some configurations a local user could use this vulnerability to get access to arbitrary files when the systemd-tmpfiles command is run.(CVE-2018-6954) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon
    last seen: 2020-05-08
    modified: 2019-09-24
    plugin id: 129191
    published: 2019-09-24
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129191
    title: EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1998)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3816-1.NASL
    description: Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118907
    published: 2018-11-13
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118907
    title: Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerabilities (USN-3816-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1451.NASL
    description: According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon
    last seen: 2020-04-30
    modified: 2020-04-16
    plugin id: 135613
    published: 2020-04-16
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135613
    title: EulerOS Virtualization 3.0.2.2 : systemd (EulerOS-SA-2020-1451)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0054-1.NASL
    description: This update for systemd fixes the following issues : Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323): Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability in unit_deserialize of systemd used to allow an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This could have been used to improperly influence systemd execution and possibly lead to root privilege escalation. Remedy 2048 character line-length limit in systemd-sysctl code that would cause parser failures if /etc/sysctl.conf contained lines that exceeded this length (bsc#1071558). Fix a bug in systemd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 121061
    published: 2019-01-10
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121061
    title: SUSE SLES12 Security Update : systemd (SUSE-SU-2019:0054-1)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0242_SYSTEMD.NASL
    description: The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has systemd packages installed that are affected by multiple vulnerabilities: - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. (CVE-2018-15686) - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. (CVE-2018-16888) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132460
    published: 2019-12-31
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132460
    title: NewStart CGSL CORE 5.05 / MAIN 5.05 : systemd Multiple Vulnerabilities (NS-SA-2019-0242)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-909.NASL
    description: This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed : - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123371
    published: 2019-03-27
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123371
    title: openSUSE Security Update : systemd (openSUSE-2019-909)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3816-2.NASL
    description: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory details : Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119043
    published: 2018-11-20
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119043
    title: Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerability (USN-3816-2)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0053-1.NASL
    description: This update for systemd fixes the following issues : Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323): Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability in unit_deserialize of systemd used to allow an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This could have been used to improperly influence systemd execution and possibly lead to root privilege escalation. Remedy 2048 character line-length limit in systemd-sysctl code that would cause parser failures if /etc/sysctl.conf contained lines that exceeded this length (bsc#1071558). Fix a bug in systemd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 121060
    published: 2019-01-10
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121060
    title: SUSE SLES12 Security Update : systemd (SUSE-SU-2019:0053-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3816-3.NASL
    description: USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. We apologize for the inconvenience. Original advisory details : Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119253
    published: 2018-11-28
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119253
    title: Ubuntu 16.04 LTS : systemd regression (USN-3816-3)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0203_HTTPD.NASL
    descriptionAn update of the httpd package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id122016
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122016
    titlePhoton OS 1.0: Httpd PHSA-2019-1.0-0203
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0593.NASL
    descriptionAn update for systemd is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-02-26
    plugin id134065
    published2020-02-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134065
    titleRHEL 7 : systemd (RHSA-2020:0593)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1216.NASL
    descriptionAccording to the versions of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.(CVE-2018-16888) - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon
    last seen2020-03-19
    modified2020-03-13
    plugin id134505
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134505
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : systemd (EulerOS-SA-2020-1216)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3767-1.NASL
    descriptionThis update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: dhcp6: split assert_return() to be more debuggable when hit core: skip unit deserialization and move to the next one when unit_deserialize() fails core: properly handle deserialization of unknown unit types (#6476) core: don
    last seen2020-06-01
    modified2020-06-02
    plugin id118965
    published2018-11-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118965
    titleSUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-C402EEA18B.NASL
    description - Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076) - Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071) - Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067) - The DHCP server is started only when link is UP - DHCPv6 prefix delegation is improved - Downgrade logging of various messages and add logging in other places - Many many fixes in error handling and minor memory leaks and such - Fix typos and omissions in documentation - Typo in %%_environmnentdir rpm macro is fixed (with backwards compatibility preserved) - Matching by MACAddress= in systemd-networkd is fixed - Creation of user runtime directories is improved, and the user manager is only stopped after 10 s after the user logs out (#1642460 and other bugs) - systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0 - Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression. -
    last seen2020-06-05
    modified2019-01-03
    plugin id120769
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120769
    titleFedora 29 : systemd (2018-c402eea18b)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_SYSTEMD_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) - systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866) - systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888)
    last seen2020-03-18
    modified2019-08-27
    plugin id128265
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128265
    titleScientific Linux Security Update : systemd on SL7.x x86_64 (20190806)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1382.NASL
    descriptionThis update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed : - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don
    last seen2020-06-05
    modified2018-11-11
    plugin id118878
    published2018-11-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118878
    titleopenSUSE Security Update : systemd (openSUSE-2018-1382)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0203_SYSTEMD.NASL
    descriptionAn update of the systemd package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122020
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122020
    titlePhoton OS 1.0: Systemd PHSA-2019-1.0-0203
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3644-1.NASL
    descriptionThis update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed: dhcp6: split assert_return() to be more debuggable when hit core: skip unit deserialization and move to the next one when unit_deserialize() fails core: properly handle deserialization of unknown unit types (#6476) core: don
    last seen2020-06-01
    modified2020-06-02
    plugin id120157
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120157
    titleSUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2018:3644-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0203_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id122018
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122018
    titlePhoton OS 1.0: Python2 PHSA-2019-1.0-0203
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201810-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201810-10 (systemd: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code, cause a Denial of Service condition, or gain escalated privileges. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id118510
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118510
    titleGLSA-201810-10 : systemd: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1423.NASL
    descriptionThis update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed : - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don
    last seen2020-06-05
    modified2018-11-19
    plugin id119028
    published2018-11-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119028
    titleopenSUSE Security Update : systemd (openSUSE-2018-1423)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/149972/GS20181026152657.txt
idPACKETSTORM:149972
last seen2018-10-26
published2018-10-26
reporterJann Horn
sourcehttps://packetstormsecurity.com/files/149972/Linux-systemd-Line-Splitting.html
titleLinux systemd Line Splitting

Redhat

advisories
  • rhsa
    idRHSA-2019:2091
  • rhsa
    idRHSA-2019:3222
  • rhsa
    idRHSA-2020:0593
rpms
  • libgudev1-0:219-67.el7
  • libgudev1-devel-0:219-67.el7
  • systemd-0:219-67.el7
  • systemd-debuginfo-0:219-67.el7
  • systemd-devel-0:219-67.el7
  • systemd-journal-gateway-0:219-67.el7
  • systemd-libs-0:219-67.el7
  • systemd-networkd-0:219-67.el7
  • systemd-python-0:219-67.el7
  • systemd-resolved-0:219-67.el7
  • systemd-sysv-0:219-67.el7
  • libgudev1-0:219-62.el7_6.11
  • libgudev1-devel-0:219-62.el7_6.11
  • systemd-0:219-62.el7_6.11
  • systemd-debuginfo-0:219-62.el7_6.11
  • systemd-devel-0:219-62.el7_6.11
  • systemd-journal-gateway-0:219-62.el7_6.11
  • systemd-libs-0:219-62.el7_6.11
  • systemd-networkd-0:219-62.el7_6.11
  • systemd-python-0:219-62.el7_6.11
  • systemd-resolved-0:219-62.el7_6.11
  • systemd-sysv-0:219-62.el7_6.11
  • libgudev1-0:219-42.el7_4.20
  • libgudev1-devel-0:219-42.el7_4.20
  • systemd-0:219-42.el7_4.20
  • systemd-debuginfo-0:219-42.el7_4.20
  • systemd-devel-0:219-42.el7_4.20
  • systemd-journal-gateway-0:219-42.el7_4.20
  • systemd-libs-0:219-42.el7_4.20
  • systemd-networkd-0:219-42.el7_4.20
  • systemd-python-0:219-42.el7_4.20
  • systemd-resolved-0:219-42.el7_4.20
  • systemd-sysv-0:219-42.el7_4.20
  • libgudev1-0:219-57.el7_5.9
  • libgudev1-devel-0:219-57.el7_5.9
  • systemd-0:219-57.el7_5.9
  • systemd-debuginfo-0:219-57.el7_5.9
  • systemd-devel-0:219-57.el7_5.9
  • systemd-journal-gateway-0:219-57.el7_5.9
  • systemd-libs-0:219-57.el7_5.9
  • systemd-networkd-0:219-57.el7_5.9
  • systemd-python-0:219-57.el7_5.9
  • systemd-resolved-0:219-57.el7_5.9
  • systemd-sysv-0:219-57.el7_5.9