Vulnerabilities > CVE-2019-3842 - Incorrect Authorization vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
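In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". In polkit, "allow_active" applies to clients in an active session on a local console and is commonly more permissive than "allow_any", so a session wrongly associated with a seat can be authorized for actions that were meant only for a user at the physical machine.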
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
file | exploits/linux/dos/46743.txt |
id | EDB-ID:46743 |
last seen | 2019-04-23 |
modified | 2019-04-23 |
platform | linux |
port | |
published | 2019-04-23 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46743 |
title | systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit |
type | dos |
Nessus
# Nessus plugin record (metadata as listed on the page):
#   NASL family : PhotonOS Local Security Checks
#   NASL id     : PHOTONOS_PHSA-2019-2_0-0153_SYSTEMD.NASL
#   description : An update of the systemd package has been released.
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 125077
#   published   : 2019-05-15
#   reporter    : This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/125077
#   title       : Photon OS 2.0: Systemd PHSA-2019-2.0-0153
#   code        : the NASL script follows
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2019-2.0-0153. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

# When `description` is set, the script only declares its metadata and stops.
if (description)
{
  script_id(125077);
  script_version("1.2");
  script_cvs_date("Date: 2019/05/17 9:44:17");

  script_cve_id("CVE-2019-3842");

  script_name(english:"Photon OS 2.0: Systemd PHSA-2019-2.0-0153");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value: "An update of the systemd package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-153.md");
  script_set_attribute(attribute:"solution", value: "Update the affected Linux packages.");

  # NOTE(review): the scoring metadata does not line up with the single CVE this
  # plugin declares. cvss_score_source names CVE-2018-19788, which is absent from
  # script_cve_id, and both base vectors use AV:N, while this page's header for
  # CVE-2019-3842 gives attack vector LOCAL and attack complexity HIGH. The
  # vuln_publication_date (2018/12/03) is presumably carried over from the same
  # other CVE. Confirm the severity against the vendor advisory before using this
  # plugin's score to prioritise CVE-2019-3842.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19788");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:systemd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions, all read from the scanner's knowledge base: local checks
# enabled, a Photon OS 2.0 release string, a collected RPM list, and an x86 CPU.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

# Package-version check only. rpm_check() comes from rpm.inc (not shown here);
# presumably it reports when the installed package is older than the reference.
# Nothing below inspects PAM or polkit configuration, so a hit means "the fixed
# package is not installed", not "this host's configuration is exploitable".
flag = 0;
fixed_refs = [
  "systemd-233-19.ph2",
  "systemd-debuginfo-233-19.ph2",
  "systemd-devel-233-19.ph2",
  "systemd-lang-233-19.ph2"
];
foreach (ref in fixed_refs)
  if (rpm_check(release:"PhotonOS-2.0", reference:ref)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing was flagged: distinguish "tested and not affected" from "not installed".
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
# Nessus plugin record (metadata as listed on the page):
#   NASL family : Huawei Local Security Checks
#   NASL id     : EULEROS_SA-2019-1923.NASL
#   description : truncated on the page after "...checked against polkit policies using the";
#                 the full text is the `description` attribute set in the script below
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 128926
#   published   : 2019-09-17
#   reporter    : This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/128926
#   title       : EulerOS Virtualization for ARM 64 3.0.2.0 : systemd (EulerOS-SA-2019-1923)
#   code        : the NASL script follows
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# When `description` is set, the script only declares its metadata and stops.
if (description)
{
  script_id(128926);
  script_version("1.2");
  script_cvs_date("Date: 2019/09/24 11:01:33");

  script_cve_id(
    "CVE-2018-6954",
    "CVE-2019-3842"
  );

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : systemd (EulerOS-SA-2019-1923)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value: "According to the versions of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the 'allow_active' element rather than 'allow_any'.(CVE-2019-3842) - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. In some configurations a local user could use this vulnerability to get access to arbitrary files when the systemd-tmpfiles command is run.(CVE-2018-6954) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1923
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52e39682");
  script_set_attribute(attribute:"solution", value: "Update the affected systemd packages.");

  # NOTE(review): one vector is reported for two CVEs and no cvss_score_source is
  # set. It uses AC:L, while this page's header for CVE-2019-3842 gives attack
  # complexity HIGH, so the score may reflect CVE-2018-6954 instead; confirm.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-networkd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-resolved");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-sysv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-udev-compat");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions read from the knowledge base: local checks enabled, an EulerOS
# release string, UVP version exactly 3.0.2.0 and a collected RPM list.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# The first test admits x86_64, i386-i686 and aarch64; the second then demands
# aarch64, so (assuming audit() ends the script, as its use here suggests) only
# aarch64 hosts reach the package checks.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

# Package-version check only; rpm_check() is defined in rpm.inc (not shown).
# No PAM or polkit configuration is examined, so a hit indicates a missing
# update rather than a configuration confirmed to be exploitable.
flag = 0;
fixed_refs = [
  "libgudev1-219-62.5.h107",
  "systemd-219-62.5.h107",
  "systemd-libs-219-62.5.h107",
  "systemd-networkd-219-62.5.h107",
  "systemd-python-219-62.5.h107",
  "systemd-resolved-219-62.5.h107",
  "systemd-sysv-219-62.5.h107",
  "systemd-udev-compat-219-62.5.h107"
];
foreach (ref in fixed_refs)
  if (rpm_check(release:"EulerOS-2.0", reference:ref)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing was flagged: distinguish "tested and not affected" from "not installed".
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
# Nessus plugin record (metadata as listed on the page):
#   NASL family : SuSE Local Security Checks
#   NASL id     : OPENSUSE-2019-1450.NASL
#   description : truncated on the page after "- core: only watch processes when it";
#                 the full text is the `description` attribute set in the script below
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 125453
#   published   : 2019-05-28
#   reporter    : This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/125453
#   title       : openSUSE Security Update : systemd (openSUSE-2019-1450)
#   code        : the NASL script follows
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1450.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

# When `description` is set, the script only declares its metadata and stops.
if (description)
{
  script_id(125453);
  script_version("1.2");
  script_cvs_date("Date: 2019/05/30 11:03:54");

  script_cve_id("CVE-2018-6954", "CVE-2019-3842", "CVE-2019-6454");

  script_name(english:"openSUSE Security Update : systemd (openSUSE-2019-1450)");
  script_summary(english:"Check for the openSUSE-2019-1450 patch");

  script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value: "This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed : - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) This update was imported from the SUSE:SLE-12-SP2:Update update project.");

  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1080919");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121563");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1125352");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126056");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127557");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128657");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130230");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132348");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132400");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132721");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=955942");
  script_set_attribute(attribute:"solution", value:"Update the affected systemd packages.");

  # NOTE(review): a single vector covers three CVEs. It uses AC:L, while this
  # page's header for CVE-2019-3842 gives attack complexity HIGH, so it may be
  # driven by one of the other CVEs; confirm before prioritising on it.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-bash-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-logger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-bash-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-sysvinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-sysvinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions read from the knowledge base: local checks enabled, a release
# string that is not SLED/SLES and equals SUSE42.3, a collected RPM list, and
# an i586 / i686 / x86_64 CPU.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# Package-version check only; rpm_check() is defined in rpm.inc (not shown).
# Debug, devel and "-mini" builds are checked alongside the runtime packages,
# and no PAM or polkit configuration is examined, so a hit indicates a missing
# update rather than a configuration confirmed to be exploitable.
flag = 0;

# References checked without a cpu argument, in the plugin's original order.
any_arch_refs = [
  "libsystemd0-228-71.1",
  "libsystemd0-debuginfo-228-71.1",
  "libsystemd0-mini-228-71.1",
  "libsystemd0-mini-debuginfo-228-71.1",
  "libudev-devel-228-71.1",
  "libudev-mini-devel-228-71.1",
  "libudev-mini1-228-71.1",
  "libudev-mini1-debuginfo-228-71.1",
  "libudev1-228-71.1",
  "libudev1-debuginfo-228-71.1",
  "nss-myhostname-228-71.1",
  "nss-myhostname-debuginfo-228-71.1",
  "nss-mymachines-228-71.1",
  "nss-mymachines-debuginfo-228-71.1",
  "systemd-228-71.1",
  "systemd-bash-completion-228-71.1",
  "systemd-debuginfo-228-71.1",
  "systemd-debugsource-228-71.1",
  "systemd-devel-228-71.1",
  "systemd-logger-228-71.1",
  "systemd-mini-228-71.1",
  "systemd-mini-bash-completion-228-71.1",
  "systemd-mini-debuginfo-228-71.1",
  "systemd-mini-debugsource-228-71.1",
  "systemd-mini-devel-228-71.1",
  "systemd-mini-sysvinit-228-71.1",
  "systemd-sysvinit-228-71.1",
  "udev-228-71.1",
  "udev-debuginfo-228-71.1",
  "udev-mini-228-71.1",
  "udev-mini-debuginfo-228-71.1"
];
foreach (ref in any_arch_refs)
  if ( rpm_check(release:"SUSE42.3", reference:ref) ) flag++;

# 32-bit compatibility packages, checked with cpu:"x86_64".
x86_64_refs = [
  "libsystemd0-32bit-228-71.1",
  "libsystemd0-debuginfo-32bit-228-71.1",
  "libudev1-32bit-228-71.1",
  "libudev1-debuginfo-32bit-228-71.1",
  "nss-myhostname-32bit-228-71.1",
  "nss-myhostname-debuginfo-32bit-228-71.1",
  "systemd-32bit-228-71.1",
  "systemd-debuginfo-32bit-228-71.1"
];
foreach (ref in x86_64_refs)
  if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:ref) ) flag++;

if (flag)
{
  # The package report is attached only when report_verbosity is above zero.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}

# Nothing was flagged: distinguish "tested and not affected" from "not installed".
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsystemd0-mini / libsystemd0-mini-debuginfo / libudev-mini-devel / etc");
# Nessus plugin record (metadata as listed on the page):
#   NASL family : Huawei Local Security Checks
#   NASL id     : EULEROS_SA-2019-1599.NASL
#   description : truncated on the page after "...allows for actions to be checked against";
#                 the full text is the `description` attribute set in the script below
#   last seen   : 2020-05-06
#   modified    : 2019-05-29
#   plugin id   : 125526
#   published   : 2019-05-29
#   reporter    : This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/125526
#   title       : EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1599)
#   code        : the NASL script follows
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# When `description` is set, the script only declares its metadata and stops.
if (description)
{
  script_id(125526);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");

  script_cve_id(
    "CVE-2019-3842"
  );

  script_name(english:"EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1599)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value: "According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - systemd: Spoofing of XDG_SEAT allows for actions to be checked against 'allow_active' instead of 'allow_any'.(CVE-2019-3842) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1599
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a71581ab");
  script_set_attribute(attribute:"solution", value: "Update the affected systemd package.");

  # This plugin covers only CVE-2019-3842, and its CVSS 3.0 vector (AV:L, AC:H,
  # PR:L, C/I/A:H) agrees with the metrics shown in this page's header.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-sysv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions read from the knowledge base: local checks enabled, EulerOS
# release 2.0 with service pack 3, no UVP version recorded, a collected RPM list.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

# Hosts that report a UVP version are turned away here as well as through
# script_exclude_keys in the metadata block.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# The first test admits x86_64, i386-i686 and aarch64; the second then demands
# an x86 CPU, so (assuming audit() ends the script, as its use here suggests)
# aarch64 hosts do not reach the package checks.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

# Package-version check only; rpm_check() is defined in rpm.inc (not shown).
# No PAM or polkit configuration is examined, so a hit indicates a missing
# update rather than a configuration confirmed to be exploitable.
flag = 0;
fixed_refs = [
  "libgudev1-219-30.6.h61",
  "libgudev1-devel-219-30.6.h61",
  "systemd-219-30.6.h61",
  "systemd-devel-219-30.6.h61",
  "systemd-libs-219-30.6.h61",
  "systemd-python-219-30.6.h61",
  "systemd-sysv-219-30.6.h61"
];
foreach (ref in fixed_refs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:ref)) flag++;

if (flag)
{
  # Reported as SECURITY_WARNING, where the other plugins on this page for the
  # same CVE report SECURITY_HOLE.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing was flagged: distinguish "tested and not affected" from "not installed".
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1661.NASL description According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow a cooperating process to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the GID will be recycled.(CVE-2019-3844) - It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the UID/GID will be recycled.(CVE-2019-3843) - In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the last seen 2020-05-03 modified 2019-06-27 plugin id 126288 published 2019-06-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126288 title EulerOS 2.0 SP8 : systemd (EulerOS-SA-2019-1661) code # # (C) Tenable Network Security, Inc. 
#

# Local package-version check for EulerOS 2.0 SP8, advisory EulerOS-SA-2019-1661
# (CVE-2019-3842, CVE-2019-3843, CVE-2019-3844).
# The script only compares installed systemd RPMs with the fixed builds listed
# near the end; it does not look at PAM or polkit configuration. A finding
# therefore means "fixed build not installed", not that the XDG_SEAT issue
# (which the advisory text limits to "some particular configurations") is
# reachable on the host.
include("compat.inc");

# Metadata registration. When `description` is set the script only declares
# its attributes and exits; none of the host checks further down run.
if (description)
{
  script_id(126288);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");

  script_cve_id(
    "CVE-2019-3842",
    "CVE-2019-3843",
    "CVE-2019-3844"
  );

  script_name(english:"EulerOS 2.0 SP8 : systemd (EulerOS-SA-2019-1661)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow a cooperating process to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the GID will be recycled.(CVE-2019-3844) - It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the UID/GID will be recycled.(CVE-2019-3843) - In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the 'allow_active' element rather than 'allow_any'.(CVE-2019-3842) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1661
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?edc44c28");
  script_set_attribute(attribute:"solution", value:
"Update the affected systemd packages.");

  # Scoring: local attack vector in both CVSS2 and CVSS3 vectors.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-journal-remote");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-pam");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-udev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-udev-compat");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  # Hosts that publish a UVP version are not scheduled for this plugin.
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Applicability gates. Each audit() call is relied on to stop the script:
# the statements after a gate use the checked value unconditionally.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
  audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)")
  audit(AUDIT_OS_NOT, "EulerOS 2.0");

# Service pack must be exactly "8".
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$")
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

# Same UVP exclusion as in the metadata, enforced again at run time.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp))
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture: x86_64 and i[3-6]86 pass the first test but are audited out
# by the second, so only aarch64 hosts reach the package comparison.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu)
  audit(AUDIT_ARCH_NOT, "aarch64", cpu);

# Fixed builds from the advisory; every installed package is compared to its
# entry and each rpm_check() that returns true is counted.
hits = 0;

fixed_builds = [
  "systemd-239-3.h24.eulerosv2r8",
  "systemd-container-239-3.h24.eulerosv2r8",
  "systemd-devel-239-3.h24.eulerosv2r8",
  "systemd-journal-remote-239-3.h24.eulerosv2r8",
  "systemd-libs-239-3.h24.eulerosv2r8",
  "systemd-pam-239-3.h24.eulerosv2r8",
  "systemd-udev-239-3.h24.eulerosv2r8",
  "systemd-udev-compat-239-3.h24.eulerosv2r8"
];

foreach (build in fixed_builds)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:build))
    hits++;
}

if (hits == 0)
{
  # Nothing flagged: distinguish "packages present and fine" from
  # "no systemd package was tested at all".
  checked = pkg_tests_get();
  if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
}
else
{
  # Reported at SECURITY_WARNING with the rpm comparison output attached.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1364-1.NASL description This update for systemd fixes the following issues : Security issues fixed : CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: logind: fix killing of scopes (bsc#1125604) namespace: make MountFlags=shared work again (bsc#1124122) rules: load drivers only on last seen 2020-06-01 modified 2020-06-02 plugin id 125537 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125537 title SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-1) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1364-1.
# The text itself is copyright (C) SUSE.
#

# Local package-version check for SLED15 / SLES15 SP0 (SUSE-SU-2019:1364-1,
# covering CVE-2019-3842, CVE-2019-3843, CVE-2019-3844 and CVE-2019-6454).
# It compares installed systemd/udev RPMs with build 234-24.30.1 and does not
# examine PAM or polkit configuration on the host.
include("compat.inc");

# Metadata registration. When `description` is set the script only declares
# its attributes and exits; none of the host checks further down run.
if (description)
{
  script_id(125537);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/15");

  script_cve_id("CVE-2019-3842", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-6454");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for systemd fixes the following issues : Security issues fixed : CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). 
CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: logind: fix killing of scopes (bsc#1125604) namespace: make MountFlags=shared work again (bsc#1124122) rules: load drivers only on 'add' events (bsc#1126056) sysctl: Don't pass null directive argument to '%s' (bsc#1121563) systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933) udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) sd-bus: bump message queue size again (bsc#1132721) Do not automatically online memory on s390x (bsc#1127557) Removed sg.conf (bsc#1036463) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );

  # Vendor bug and CVE references.
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1036463"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121563"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1124122"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1125352"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1125604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126056"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1127557"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130230"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132348"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132400"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132721"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133506"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133509"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3842/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3843/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3844/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-6454/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20191364-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9d71e703"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1364=1 SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1364=1"
  );

  # Scoring: local attack vector; the score is attributed to CVE-2019-3844.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3844");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-mini1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-mini1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-myhostname");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-myhostname-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-mymachines");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-mymachines-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-systemd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-container-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-coredump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-coredump-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-logger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-container-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-container-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-sysvinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-sysvinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Applicability gates. Each audit() call is relied on to stop the script:
# the statements after a gate use the checked value unconditionally.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)")
  audit(AUDIT_OS_NOT, "SUSE");

# Reduce the release string to its product/major token, e.g. "SLES15".
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver))
  audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver))
  audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

# A missing patch level is treated as SP0; any other service pack is out of
# scope for this advisory.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp))
  sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp)))
  audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp)))
  audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);

flag = 0;

# 32-bit compatibility packages: checked with cpu:"x86_64" only.
multilib_builds = [
  "libsystemd0-32bit-234-24.30.1",
  "libsystemd0-32bit-debuginfo-234-24.30.1",
  "libudev1-32bit-234-24.30.1",
  "libudev1-32bit-debuginfo-234-24.30.1",
  "systemd-32bit-234-24.30.1",
  "systemd-32bit-debuginfo-234-24.30.1"
];

# Packages checked without a cpu restriction, in the advisory's order.
# systemd-debuginfo and systemd-debugsource are listed twice, so each is
# checked twice per product.
generic_builds = [
  "libsystemd0-mini-234-24.30.1",
  "libsystemd0-mini-debuginfo-234-24.30.1",
  "libudev-mini-devel-234-24.30.1",
  "libudev-mini1-234-24.30.1",
  "libudev-mini1-debuginfo-234-24.30.1",
  "nss-myhostname-234-24.30.1",
  "nss-myhostname-debuginfo-234-24.30.1",
  "nss-mymachines-234-24.30.1",
  "nss-mymachines-debuginfo-234-24.30.1",
  "nss-systemd-234-24.30.1",
  "nss-systemd-debuginfo-234-24.30.1",
  "systemd-debuginfo-234-24.30.1",
  "systemd-debugsource-234-24.30.1",
  "systemd-logger-234-24.30.1",
  "systemd-mini-234-24.30.1",
  "systemd-mini-container-mini-234-24.30.1",
  "systemd-mini-container-mini-debuginfo-234-24.30.1",
  "systemd-mini-coredump-mini-234-24.30.1",
  "systemd-mini-coredump-mini-debuginfo-234-24.30.1",
  "systemd-mini-debuginfo-234-24.30.1",
  "systemd-mini-debugsource-234-24.30.1",
  "systemd-mini-devel-234-24.30.1",
  "systemd-mini-sysvinit-234-24.30.1",
  "udev-mini-234-24.30.1",
  "udev-mini-debuginfo-234-24.30.1",
  "libsystemd0-234-24.30.1",
  "libsystemd0-debuginfo-234-24.30.1",
  "libudev-devel-234-24.30.1",
  "libudev1-234-24.30.1",
  "libudev1-debuginfo-234-24.30.1",
  "systemd-234-24.30.1",
  "systemd-container-234-24.30.1",
  "systemd-container-debuginfo-234-24.30.1",
  "systemd-coredump-234-24.30.1",
  "systemd-coredump-debuginfo-234-24.30.1",
  "systemd-debuginfo-234-24.30.1",
  "systemd-debugsource-234-24.30.1",
  "systemd-devel-234-24.30.1",
  "systemd-sysvinit-234-24.30.1",
  "udev-234-24.30.1",
  "udev-debuginfo-234-24.30.1"
];

# SLES15 is evaluated first, then SLED15, with the same package lists.
products = ["SLES15", "SLED15"];

foreach (product in products)
{
  foreach (build in multilib_builds)
  {
    if (rpm_check(release:product, sp:"0", cpu:"x86_64", reference:build))
      flag++;
  }
  foreach (build in generic_builds)
  {
    if (rpm_check(release:product, sp:"0", reference:build))
      flag++;
  }
}

if (!flag)
{
  # Nothing flagged: distinguish "packages present and fine" from
  # "no systemd package was tested at all".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
}
else
{
  # The rpm comparison output is attached only when report_verbosity > 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1808.NASL description According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. In some configurations a local user could use this vulnerability to get access to arbitrary files when the systemd-tmpfiles command is run.(CVE-2018-6954) - In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the last seen 2020-05-06 modified 2019-08-23 plugin id 128100 published 2019-08-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128100 title EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-1808) code
#
# (C) Tenable Network Security, Inc.
#

# Local package-version check for EulerOS 2.0 SP5, advisory EulerOS-SA-2019-1808
# (CVE-2018-6954, CVE-2019-3842).
# The script only compares installed systemd RPMs with the fixed builds listed
# near the end; it does not look at PAM, polkit or tmpfiles configuration, so a
# finding means "fixed build not installed" rather than "issue reachable".
include("compat.inc");

# Metadata registration. When `description` is set the script only declares
# its attributes and exits; none of the host checks further down run.
if (description)
{
  script_id(128100);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");

  script_cve_id(
    "CVE-2018-6954",
    "CVE-2019-3842"
  );

  script_name(english:"EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-1808)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. 
In some configurations a local user could use this vulnerability to get access to arbitrary files when the systemd-tmpfiles command is run.(CVE-2018-6954) - In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the 'allow_active' element rather than 'allow_any'.(CVE-2019-3842) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1808
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4cda2f85");
  script_set_attribute(attribute:"solution", value:
"Update the affected systemd packages.");

  # Scoring: local attack vector in both CVSS2 and CVSS3 vectors.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-sysv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-udev-compat");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  # Hosts that publish a UVP version are not scheduled for this plugin.
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Applicability gates. Each audit() call is relied on to stop the script:
# the statements after a gate use the checked value unconditionally.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
  audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)")
  audit(AUDIT_OS_NOT, "EulerOS 2.0");

# Service pack must be exactly "5".
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$")
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

# Same UVP exclusion as in the metadata, enforced again at run time.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp))
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture: aarch64 passes the first test but is audited out by the
# second, so only i[3-6]86 / x86_64 hosts reach the package comparison.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
  audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

# Fixed builds from the advisory; every installed package is compared to its
# entry and each rpm_check() that returns true is counted.
hits = 0;

fixed_builds = [
  "libgudev1-219-62.5.h105.eulerosv2r7",
  "libgudev1-devel-219-62.5.h105.eulerosv2r7",
  "systemd-219-62.5.h105.eulerosv2r7",
  "systemd-devel-219-62.5.h105.eulerosv2r7",
  "systemd-libs-219-62.5.h105.eulerosv2r7",
  "systemd-python-219-62.5.h105.eulerosv2r7",
  "systemd-sysv-219-62.5.h105.eulerosv2r7",
  "systemd-udev-compat-219-62.5.h105.eulerosv2r7"
];

foreach (build in fixed_builds)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:build))
    hits++;
}

if (hits == 0)
{
  # Nothing flagged: distinguish "packages present and fine" from
  # "no systemd package was tested at all".
  checked = pkg_tests_get();
  if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
}
else
{
  # Reported at SECURITY_HOLE with the rpm comparison output attached.
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1265-1.NASL description This update for systemd fixes the following issues : Security issues fixed : CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) sd-bus: bump message queue size again (bsc#1132721) core: only watch processes when it […] last seen 2020-06-01 modified 2020-06-02 plugin id 125244 published 2019-05-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125244 title SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2019:1265-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1344.NASL description According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - systemd: Spoofing of XDG_SEAT allows for actions to be checked against […] last seen 2020-05-06 modified 2019-05-06 plugin id 124630 published 2019-05-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/124630 title EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-1344) NASL family Fedora Local Security Checks NASL id FEDORA_2019-3FA5DB9E19.NASL description Backport more patches : - shared/install: Preserve escape characters for escaped unit names (https://github.com/coreos/bugs/issues/2569) - timedate: fix emitted value when ntp client is enabled/disabled (#1696586) - udev: run programs in the specified order (#1696784) - core: add Manager::honor_device_enumeration flag (https://pagure.io/fedora-silverblue/issue/8) - Various fixes for systemd-networkd, systemd-portabled - Dbus policy fixes - Crash on syntax error in sysusers (#1670679) - Do not unescape mount paths received from libmount - Some minor build fixes No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124488 published 2019-05-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124488 title Fedora 30 : systemd (2019-3fa5db9e19) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4428.NASL description Jann Horn discovered that the PAM module in systemd insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. A remote attacker with SSH access can take advantage of this issue to gain PolicyKit privileges that are normally only granted to clients in an active session on the local console. last seen 2020-06-01 modified 2020-06-02 plugin id 123836 published 2019-04-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/123836 title Debian DSA-4428-1 : systemd - security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3938-1.NASL description Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123930 published 2019-04-09 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123930 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerability (USN-3938-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0228_SYSTEMD.NASL description An update of the systemd package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 124867 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124867 title Photon OS 1.0: Systemd PHSA-2019-1.0-0228 NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1364-2.NASL description This update for systemd fixes the following issues : Security issues fixed : CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). 
Non-security issues fixed: logind: fix killing of scopes (bsc#1125604) namespace: make MountFlags=shared work again (bsc#1124122) rules: load drivers only on […] last seen 2020-06-01 modified 2020-06-02 plugin id 126736 published 2019-07-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126736 title SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-2)
Packetstorm
data source | https://packetstormsecurity.com/files/download/152610/GS20190424002035.txt |
id | PACKETSTORM:152610 |
last seen | 2019-04-24 |
published | 2019-04-23 |
reporter | Jann Horn |
source | https://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html |
title | systemd Seat Verification Active Session Spoofing |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842
- https://www.exploit-db.com/exploits/46743/
- http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E