Vulnerabilities > CVE-2019-6454 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

Vulnerable Configurations

Part Description Count
Application
Systemd_Project
1
Application
Netapp
1
Application
Mcafee
111
OS
Opensuse
1
OS
Debian
2
OS
Fedoraproject
1
OS
Canonical
3
OS
Redhat
43

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1502.NASL
    descriptionAn update for systemd is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Race between systemctl start (and likely others) vs systemctl daemon-reload (BZ#1709184) * systemd segfaults running test case https://github.com/systemd/ systemd-fedora-ci/tree/master/issue-1981 (BZ#1709185) * systemd doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id126025
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126025
    titleRHEL 7 : systemd (RHSA-2019:1502)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:1502. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126025);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2019-6454");
      script_xref(name:"RHSA", value:"2019:1502");
    
      script_name(english:"RHEL 7 : systemd (RHSA-2019:1502)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for systemd is now available for Red Hat Enterprise Linux
    7.4 Extended Update Support.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The systemd packages contain systemd, a system and service manager for
    Linux, compatible with the SysV and LSB init scripts. It provides
    aggressive parallelism capabilities, uses socket and D-Bus activation
    for starting services, offers on-demand starting of daemons, and keeps
    track of processes using Linux cgroups. In addition, it supports
    snapshotting and restoring of the system state, maintains mount and
    automount points, and implements an elaborate transactional
    dependency-based service control logic. It can also work as a drop-in
    replacement for sysvinit.
    
    Security Fix(es) :
    
    * systemd: Insufficient input validation in bus_process_object()
    resulting in PID 1 crash (CVE-2019-6454)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Bug Fix(es) :
    
    * Race between systemctl start (and likely others) vs systemctl
    daemon-reload (BZ#1709184)
    
    * systemd segfaults running test case https://github.com/systemd/
    systemd-fedora-ci/tree/master/issue-1981 (BZ#1709185)
    
    * systemd doesn't delete stub unit files created for session scopes
    (BZ# 1709187)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:1502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-6454"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-gateway");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-networkd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-resolved");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.4", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:1502";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", sp:"4", reference:"libgudev1-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", reference:"libgudev1-devel-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"s390x", reference:"systemd-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"x86_64", reference:"systemd-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", reference:"systemd-debuginfo-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", reference:"systemd-devel-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"s390x", reference:"systemd-journal-gateway-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"x86_64", reference:"systemd-journal-gateway-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", reference:"systemd-libs-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"s390x", reference:"systemd-networkd-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"x86_64", reference:"systemd-networkd-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"s390x", reference:"systemd-python-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"x86_64", reference:"systemd-python-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", reference:"systemd-resolved-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"s390x", reference:"systemd-sysv-219-42.el7_4.16")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"x86_64", reference:"systemd-sysv-219-42.el7_4.16")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgudev1 / libgudev1-devel / systemd / systemd-debuginfo / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0368.NASL
    descriptionFrom Red Hat Security Advisory 2019:0368 : An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id122325
    published2019-02-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122325
    titleOracle Linux 7 : systemd (ELSA-2019-0368)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2019:0368 and 
    # Oracle Linux Security Advisory ELSA-2019-0368 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122325);
      script_version("1.4");
      script_cvs_date("Date: 2020/02/10");
    
      script_cve_id("CVE-2019-6454");
      script_xref(name:"RHSA", value:"2019:0368");
    
      script_name(english:"Oracle Linux 7 : systemd (ELSA-2019-0368)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2019:0368 :
    
    An update for systemd is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The systemd packages contain systemd, a system and service manager for
    Linux, compatible with the SysV and LSB init scripts. It provides
    aggressive parallelism capabilities, uses socket and D-Bus activation
    for starting services, offers on-demand starting of daemons, and keeps
    track of processes using Linux cgroups. In addition, it supports
    snapshotting and restoring of the system state, maintains mount and
    automount points, and implements an elaborate transactional
    dependency-based service control logic. It can also work as a drop-in
    replacement for sysvinit.
    
    Security Fix(es) :
    
    * systemd: Insufficient input validation in bus_process_object()
    resulting in PID 1 crash (CVE-2019-6454)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-February/008492.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected systemd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libgudev1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-journal-gateway");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-networkd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-resolved");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libgudev1-219-62.0.4.el7_6.5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libgudev1-devel-219-62.0.4.el7_6.5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"systemd-219-62.0.4.el7_6.5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"systemd-devel-219-62.0.4.el7_6.5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"systemd-journal-gateway-219-62.0.4.el7_6.5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"systemd-libs-219-62.0.4.el7_6.5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"systemd-networkd-219-62.0.4.el7_6.5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"systemd-python-219-62.0.4.el7_6.5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"systemd-resolved-219-62.0.4.el7_6.5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"systemd-sysv-219-62.0.4.el7_6.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgudev1 / libgudev1-devel / systemd / systemd-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1450.NASL
    descriptionThis update for systemd fixes the following issues : Security issues fixed : - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed : - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it
    last seen2020-06-01
    modified2020-06-02
    plugin id125453
    published2019-05-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125453
    titleopenSUSE Security Update : systemd (openSUSE-2019-1450)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1450.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125453);
      script_version("1.2");
      script_cvs_date("Date: 2019/05/30 11:03:54");
    
      script_cve_id("CVE-2018-6954", "CVE-2019-3842", "CVE-2019-6454");
    
      script_name(english:"openSUSE Security Update : systemd (openSUSE-2019-1450)");
      script_summary(english:"Check for the openSUSE-2019-1450 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for systemd fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2018-6954: Fixed a vulnerability in the symlink
        handling of systemd-tmpfiles which allowed a local user
        to obtain ownership of arbitrary files (bsc#1080919).
    
      - CVE-2019-3842: Fixed a vulnerability in pam_systemd
        which allowed a local user to escalate privileges
        (bsc#1132348).
    
      - CVE-2019-6454: Fixed a denial of service caused by long
        dbus messages (bsc#1125352).
    
    Non-security issues fixed :
    
      - systemd-coredump: generate a stack trace of all core
        dumps (jsc#SLE-5933)
    
      - udevd: notify when max number value of children is
        reached only once per batch of events (bsc#1132400)
    
      - sd-bus: bump message queue size again (bsc#1132721)
    
      - core: only watch processes when it's really necessary
        (bsc#955942 bsc#1128657)
    
      - rules: load drivers only on 'add' events (bsc#1126056)
    
      - sysctl: Don't pass null directive argument to '%s'
        (bsc#1121563)
    
      - Do not automatically online memory on s390x
        (bsc#1127557)
    
    This update was imported from the SUSE:SLE-12-SP2:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1080919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1125352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126056"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127557"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=955942"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected systemd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-logger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-mini-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libsystemd0-mini-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev-devel-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev-mini-devel-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev-mini1-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev-mini1-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev1-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libudev1-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"nss-myhostname-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"nss-myhostname-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"nss-mymachines-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"nss-mymachines-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-bash-completion-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-debugsource-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-devel-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-logger-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-bash-completion-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-debugsource-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-devel-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-mini-sysvinit-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"systemd-sysvinit-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"udev-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"udev-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"udev-mini-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"udev-mini-debuginfo-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsystemd0-32bit-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsystemd0-debuginfo-32bit-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libudev1-32bit-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libudev1-debuginfo-32bit-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"nss-myhostname-32bit-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"nss-myhostname-debuginfo-32bit-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"systemd-32bit-228-71.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"systemd-debuginfo-32bit-228-71.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsystemd0-mini / libsystemd0-mini-debuginfo / libudev-mini-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-255.NASL
    descriptionThis update for systemd fixes the following issues : - CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - logind: fix bad error propagation - login: log session state
    last seen2020-06-01
    modified2020-06-02
    plugin id122496
    published2019-02-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122496
    titleopenSUSE Security Update : systemd (openSUSE-2019-255)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-255.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122496);
      script_version("1.3");
      script_cvs_date("Date: 2020/02/07");
    
      script_cve_id("CVE-2019-6454");
    
      script_name(english:"openSUSE Security Update : systemd (openSUSE-2019-255)");
      script_summary(english:"Check for the openSUSE-2019-255 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for systemd fixes the following issues :
    
      - CVE-2019-6454: Overlong DBUS messages could be used to
        crash systemd (bsc#1125352)
    
      - units: make sure initrd-cleanup.service terminates
        before switching to rootfs (bsc#1123333)
    
      - logind: fix bad error propagation
    
      - login: log session state 'closing' (as well as
        New/Removed)
    
      - logind: fix borked r check
    
      - login: don't remove all devices from PID1 when only one
        was removed
    
      - login: we only allow opening character devices
    
      - login: correct comment in session_device_free()
    
      - login: remember that fds received from PID1 need to be
        removed eventually
    
      - login: fix FDNAME in call to sd_pid_notify_with_fds()
    
      - logind: fd 0 is a valid fd
    
      - logind: rework sd_eviocrevoke()
    
      - logind: check file is device node before using .st_rdev
    
      - logind: use the new FDSTOREREMOVE=1 sd_notify() message
        (bsc#1124153)
    
      - core: add a new sd_notify() message for removing fds
        from the FD store again
    
      - logind: make sure we don't trip up on half-initialized
        session devices (bsc#1123727)
    
      - fd-util: accept that kcmp might fail with EPERM/EACCES
    
      - core: Fix use after free case in load_from_path()
        (bsc#1121563)
    
      - core: include Found state in device dumps
    
      - device: fix serialization and deserialization of
        DeviceFound
    
      - fix path in btrfs rule (#6844)
    
      - assemble multidevice btrfs volumes without external
        tools (#6607) (bsc#1117025)
    
      - Update systemd-system.conf.xml (bsc#1122000)
    
      - units: inform user that the default target is started
        after exiting from rescue or emergency mode
    
      - core: free lines after reading them (bsc#1123892)
    
      - sd-bus: if we receive an invalid dbus message, ignore
        and proceeed
    
      - automount: don't pass non-blocking pipe to kernel. This
        update was imported from the SUSE:SLE-15:Update update
        project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1125352"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected systemd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libudev1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nss-systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-container");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-container-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-coredump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-coredump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-logger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-container-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-container-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-mini-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:systemd-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:udev-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libsystemd0-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libsystemd0-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libsystemd0-mini-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libsystemd0-mini-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libudev-devel-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libudev-mini-devel-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libudev-mini1-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libudev-mini1-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libudev1-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libudev1-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"nss-myhostname-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"nss-myhostname-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"nss-mymachines-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"nss-mymachines-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"nss-systemd-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"nss-systemd-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-bash-completion-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-container-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-container-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-coredump-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-coredump-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-debugsource-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-devel-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-logger-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-bash-completion-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-container-mini-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-container-mini-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-coredump-mini-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-coredump-mini-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-debugsource-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-devel-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-mini-sysvinit-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"systemd-sysvinit-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"udev-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"udev-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"udev-mini-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"udev-mini-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsystemd0-32bit-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsystemd0-32bit-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libudev-devel-32bit-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libudev1-32bit-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libudev1-32bit-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"nss-myhostname-32bit-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"nss-myhostname-32bit-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"nss-mymachines-32bit-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"nss-mymachines-32bit-debuginfo-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"systemd-32bit-234-lp150.20.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"systemd-32bit-debuginfo-234-lp150.20.15.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsystemd0-mini / libsystemd0-mini-debuginfo / libudev-mini-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0425-1.NASL
    descriptionThis update for systemd fixes the following issues : Security vulnerability fixed : CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122311
    published2019-02-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122311
    titleSUSE SLES12 Security Update : systemd (SUSE-SU-2019:0425-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0425-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122311);
      script_version("1.4");
      script_cvs_date("Date: 2020/02/10");
    
      script_cve_id("CVE-2019-6454");
    
      script_name(english:"SUSE SLES12 Security Update : systemd (SUSE-SU-2019:0425-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for systemd fixes the following issues :
    
    Security vulnerability fixed :
    
    CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted
    D-BUS message on the system bus by an unprivileged user (bsc#1125352)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-6454/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190425-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?64b5610b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-425=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgudev-1_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgudev-1_0-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgudev-1_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgudev-1_0-0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgudev-1_0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-GUdev-1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgudev-1_0-0-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgudev-1_0-0-debuginfo-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgudev-1_0-devel-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libudev-devel-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libudev1-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libudev1-debuginfo-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"systemd-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"systemd-debuginfo-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"systemd-debugsource-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"systemd-devel-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"systemd-sysvinit-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"typelib-1_0-GUdev-1_0-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"udev-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"udev-debuginfo-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgudev-1_0-0-32bit-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgudev-1_0-0-debuginfo-32bit-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libudev1-32bit-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libudev1-debuginfo-32bit-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"systemd-32bit-210-116.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"systemd-debuginfo-32bit-210-116.22.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0024_SYSTEMD.NASL
    descriptionAn update of the systemd package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128160
    published2019-08-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128160
    titlePhoton OS 3.0: Systemd PHSA-2019-3.0-0024
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-3.0-0024. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128160);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id("CVE-2019-3843", "CVE-2019-3844", "CVE-2019-6454");
      script_bugtraq_id(107081);
    
      script_name(english:"Photon OS 3.0: Systemd PHSA-2019-3.0-0024");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the systemd package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0024.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3844");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:systemd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-3.0", reference:"systemd-239-12.ph3")) flag++;
    if (rpm_check(release:"PhotonOS-3.0", reference:"systemd-debuginfo-239-12.ph3")) flag++;
    if (rpm_check(release:"PhotonOS-3.0", reference:"systemd-devel-239-12.ph3")) flag++;
    if (rpm_check(release:"PhotonOS-3.0", reference:"systemd-lang-239-12.ph3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0368.NASL
    descriptionAn update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id122350
    published2019-02-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122350
    titleCentOS 7 : systemd (CESA-2019:0368)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:0368 and 
    # CentOS Errata and Security Advisory 2019:0368 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122350);
      script_version("1.5");
      script_cvs_date("Date: 2020/02/10");
    
      script_cve_id("CVE-2019-6454");
      script_xref(name:"RHSA", value:"2019:0368");
    
      script_name(english:"CentOS 7 : systemd (CESA-2019:0368)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for systemd is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The systemd packages contain systemd, a system and service manager for
    Linux, compatible with the SysV and LSB init scripts. It provides
    aggressive parallelism capabilities, uses socket and D-Bus activation
    for starting services, offers on-demand starting of daemons, and keeps
    track of processes using Linux cgroups. In addition, it supports
    snapshotting and restoring of the system state, maintains mount and
    automount points, and implements an elaborate transactional
    dependency-based service control logic. It can also work as a drop-in
    replacement for sysvinit.
    
    Security Fix(es) :
    
    * systemd: Insufficient input validation in bus_process_object()
    resulting in PID 1 crash (CVE-2019-6454)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      # https://lists.centos.org/pipermail/centos-announce/2019-February/023202.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b03e152d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected systemd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6454");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libgudev1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-journal-gateway");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-networkd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-resolved");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libgudev1-219-62.el7_6.5")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libgudev1-devel-219-62.el7_6.5")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"systemd-219-62.el7_6.5")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"systemd-devel-219-62.el7_6.5")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"systemd-journal-gateway-219-62.el7_6.5")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"systemd-libs-219-62.el7_6.5")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"systemd-networkd-219-62.el7_6.5")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"systemd-python-219-62.el7_6.5")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"systemd-resolved-219-62.el7_6.5")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"systemd-sysv-219-62.el7_6.5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgudev1 / libgudev1-devel / systemd / systemd-devel / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0990.NASL
    descriptionFrom Red Hat Security Advisory 2019:0990 : An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [PATCH] bus-socket: Fix line_begins() to accept word matching full (BZ# 1693578)
    last seen2020-06-01
    modified2020-06-02
    plugin id127575
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127575
    titleOracle Linux 8 : systemd (ELSA-2019-0990)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2019:0990 and 
    # Oracle Linux Security Advisory ELSA-2019-0990 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127575);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2019-6454");
      script_xref(name:"RHSA", value:"2019:0990");
    
      script_name(english:"Oracle Linux 8 : systemd (ELSA-2019-0990)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2019:0990 :
    
    An update for systemd is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The systemd packages contain systemd, a system and service manager for
    Linux, compatible with the SysV and LSB init scripts. It provides
    aggressive parallelism capabilities, uses socket and D-Bus activation
    for starting services, offers on-demand starting of daemons, and keeps
    track of processes using Linux cgroups. In addition, it supports
    snapshotting and restoring of the system state, maintains mount and
    automount points, and implements an elaborate transactional
    dependency-based service control logic. It can also work as a drop-in
    replacement for sysvinit.
    
    Security Fix(es) :
    
    * systemd: Insufficient input validation in bus_process_object()
    resulting in PID 1 crash (CVE-2019-6454)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Bug Fix(es) :
    
    * [PATCH] bus-socket: Fix line_begins() to accept word matching full
    (BZ# 1693578)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-August/008970.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected systemd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-container");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-journal-remote");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-pam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-tests");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:systemd-udev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"systemd-239-13.0.1.el8_0.3")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"systemd-container-239-13.0.1.el8_0.3")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"systemd-devel-239-13.0.1.el8_0.3")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"systemd-journal-remote-239-13.0.1.el8_0.3")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"systemd-libs-239-13.0.1.el8_0.3")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"systemd-pam-239-13.0.1.el8_0.3")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"systemd-tests-239-13.0.1.el8_0.3")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"systemd-udev-239-13.0.1.el8_0.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd / systemd-container / systemd-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2805.NASL
    descriptionAn update for systemd is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129039
    published2019-09-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129039
    titleRHEL 7 : systemd (RHSA-2019:2805)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:2805. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129039);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/27");
    
      script_cve_id("CVE-2019-6454");
      script_xref(name:"RHSA", value:"2019:2805");
    
      script_name(english:"RHEL 7 : systemd (RHSA-2019:2805)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for systemd is now available for Red Hat Enterprise Linux
    7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco
    Extended Update Support, and Red Hat Enterprise Linux 7.3 Update
    Services for SAP Solutions.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The systemd packages contain systemd, a system and service manager for
    Linux, compatible with the SysV and LSB init scripts. It provides
    aggressive parallelism capabilities, uses socket and D-Bus activation
    for starting services, offers on-demand starting of daemons, and keeps
    track of processes using Linux cgroups. In addition, it supports
    snapshotting and restoring of the system state, maintains mount and
    automount points, and implements an elaborate transactional
    dependency-based service control logic. It can also work as a drop-in
    replacement for sysvinit.
    
    Security Fix(es) :
    
    * systemd: Insufficient input validation in bus_process_object()
    resulting in PID 1 crash (CVE-2019-6454)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:2805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-6454"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgudev1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-gateway");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-networkd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-resolved");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.3", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:2805";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"i686", reference:"libgudev1-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"libgudev1-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"i686", reference:"libgudev1-devel-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"libgudev1-devel-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"systemd-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"i686", reference:"systemd-debuginfo-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"systemd-debuginfo-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"i686", reference:"systemd-devel-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"systemd-devel-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"systemd-journal-gateway-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"i686", reference:"systemd-libs-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"systemd-libs-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"systemd-networkd-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"systemd-python-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"i686", reference:"systemd-resolved-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"systemd-resolved-219-30.el7_3.14")) flag++;
      if (rpm_check(release:"RHEL7", sp:"3", cpu:"x86_64", reference:"systemd-sysv-219-30.el7_3.14")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgudev1 / libgudev1-devel / systemd / systemd-debuginfo / etc");
      }
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1107.NASL
    descriptionAccording to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688) - systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864) - systemd: stack overflow when receiving many journald entries (CVE-2018-16865) - systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-26
    plugin id123120
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123120
    titleEulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1107)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123120);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2018-15688",
        "CVE-2018-16864",
        "CVE-2018-16865",
        "CVE-2019-6454"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1107)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the systemd packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - systemd: Out-of-bounds heap write in systemd-networkd
        dhcpv6 option handling (CVE-2018-15688)
    
      - systemd: stack overflow when calling syslog from a
        command with long cmdline (CVE-2018-16864)
    
      - systemd: stack overflow when receiving many journald
        entries (CVE-2018-16865)
    
      - systemd: Insufficient input validation in
        bus_process_object() resulting in PID 1 crash
        (CVE-2019-6454)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1107
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8506613b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected systemd packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgudev1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libgudev1-219-30.6.h53",
            "libgudev1-devel-219-30.6.h53",
            "systemd-219-30.6.h53",
            "systemd-devel-219-30.6.h53",
            "systemd-libs-219-30.6.h53",
            "systemd-python-219-30.6.h53",
            "systemd-sysv-219-30.6.h53"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1364-1.NASL
    descriptionThis update for systemd fixes the following issues : Security issues fixed : CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: logind: fix killing of scopes (bsc#1125604) namespace: make MountFlags=shared work again (bsc#1124122) rules: load drivers only on
    last seen2020-06-01
    modified2020-06-02
    plugin id125537
    published2019-05-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125537
    titleSUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1364-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125537);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2019-3842", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-6454");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for systemd fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could
    be exploited by a local user (bsc#1132348).
    
    CVE-2019-6454: Fixed a denial of service via crafted D-Bus message
    (bsc#1125352).
    
    CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where
    services with DynamicUser could gain new privileges or create
    SUID/SGID binaries (bsc#1133506, bsc#1133509).
    
    Non-security issued fixed: logind: fix killing of scopes (bsc#1125604)
    
    namespace: make MountFlags=shared work again (bsc#1124122)
    
    rules: load drivers only on 'add' events (bsc#1126056)
    
    sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
    
    systemd-coredump: generate a stack trace of all core dumps and log
    into the journal (jsc#SLE-5933)
    
    udevd: notify when max number value of children is reached only once
    per batch of events (bsc#1132400)
    
    sd-bus: bump message queue size again (bsc#1132721)
    
    Do not automatically online memory on s390x (bsc#1127557)
    
    Removed sg.conf (bsc#1036463)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126056"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127557"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1130230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3842/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3843/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3844/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-6454/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191364-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9d71e703"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-1364=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2019-1364=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3844");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-mini1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-mini1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-myhostname");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-myhostname-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-mymachines");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-mymachines-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-container");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-container-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-coredump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-coredump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-logger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-container-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-container-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libsystemd0-32bit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libsystemd0-32bit-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libudev1-32bit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libudev1-32bit-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"systemd-32bit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"systemd-32bit-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libsystemd0-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libsystemd0-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libudev-mini-devel-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libudev-mini1-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libudev-mini1-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nss-myhostname-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nss-myhostname-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nss-mymachines-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nss-mymachines-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nss-systemd-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nss-systemd-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-debugsource-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-logger-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-mini-container-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-mini-container-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-mini-coredump-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-mini-coredump-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-mini-debugsource-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-mini-devel-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-mini-sysvinit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"udev-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"udev-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libsystemd0-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libsystemd0-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libudev-devel-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libudev1-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libudev1-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-container-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-container-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-coredump-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-coredump-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-debugsource-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-devel-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"systemd-sysvinit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"udev-234-24.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"udev-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libsystemd0-32bit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libsystemd0-32bit-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libudev1-32bit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libudev1-32bit-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"systemd-32bit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"systemd-32bit-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libsystemd0-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libsystemd0-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libudev-mini-devel-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libudev-mini1-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libudev-mini1-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"nss-myhostname-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"nss-myhostname-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"nss-mymachines-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"nss-mymachines-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"nss-systemd-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"nss-systemd-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-debugsource-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-logger-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-mini-container-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-mini-container-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-mini-coredump-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-mini-coredump-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-mini-debugsource-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-mini-devel-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-mini-sysvinit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"udev-mini-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"udev-mini-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libsystemd0-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libsystemd0-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libudev-devel-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libudev1-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libudev1-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-container-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-container-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-coredump-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-coredump-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-debuginfo-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-debugsource-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-devel-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"systemd-sysvinit-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"udev-234-24.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"udev-debuginfo-234-24.30.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1684.NASL
    descriptionChris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id122319
    published2019-02-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122319
    titleDebian DLA-1684-1 : systemd security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1684-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122319);
      script_version("1.3");
      script_cvs_date("Date: 2020/02/10");
    
      script_cve_id("CVE-2019-6454");
    
      script_name(english:"Debian DLA-1684-1 : systemd security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Chris Coulson discovered a flaw in systemd leading to denial of
    service. An unprivileged user could take advantage of this issue to
    crash PID1 by sending a specially crafted D-Bus message on the system
    bus.
    
    For Debian 8 'Jessie', this problem has been fixed in version
    215-17+deb8u10.
    
    We recommend that you upgrade your systemd packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/systemd"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-gudev-1.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgudev-1.0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgudev-1.0-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-daemon-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-daemon0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-id128-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-id128-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-journal-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-journal0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-login-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd-login0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsystemd0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libudev-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libudev1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libudev1-udeb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:systemd-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:systemd-sysv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udev-udeb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"gir1.2-gudev-1.0", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libgudev-1.0-0", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libgudev-1.0-dev", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libpam-systemd", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-daemon-dev", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-daemon0", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-dev", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-id128-0", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-id128-dev", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-journal-dev", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-journal0", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-login-dev", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd-login0", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libsystemd0", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libudev-dev", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libudev1", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libudev1-udeb", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"python3-systemd", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"systemd", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"systemd-dbg", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"systemd-sysv", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"udev", reference:"215-17+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"udev-udeb", reference:"215-17+deb8u10")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0428-1.NASL
    descriptionThis update for systemd fixes the following issues : Security vulnerability fixed : CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: journal-remote: set a limit on the number of fields in a message journal-remote: verify entry length from header journald: set a limit on the number of fields (1k) journald: do not store the iovec entry for process commandline on stack core: include Found state in device dumps device: fix serialization and deserialization of DeviceFound fix path in btrfs rule (#6844) assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) Update systemd-system.conf.xml (bsc#1122000) units: inform user that the default target is started after exiting from rescue or emergency mode manager: don
    last seen2020-06-01
    modified2020-06-02
    plugin id122340
    published2019-02-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122340
    titleSUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2019:0428-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-268.NASL
    descriptionThis update for systemd fixes the following issues : Security vulnerability fixed : - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes : - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don
    last seen2020-06-01
    modified2020-06-02
    plugin id122529
    published2019-03-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122529
    titleopenSUSE Security Update : systemd (openSUSE-2019-268)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3891-1.NASL
    descriptionIt was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service (kernel panic). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122314
    published2019-02-19
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122314
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerability (USN-3891-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0990.NASL
    descriptionAn update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [PATCH] bus-socket: Fix line_begins() to accept word matching full (BZ# 1693578)
    last seen2020-06-01
    modified2020-06-02
    plugin id124672
    published2019-05-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124672
    titleRHEL 8 : systemd (RHSA-2019:0990)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1265-1.NASL
    descriptionThis update for systemd fixes the following issues : Security issues fixed : CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) sd-bus: bump message queue size again (bsc#1132721) core: only watch processes when it
    last seen2020-06-01
    modified2020-06-02
    plugin id125244
    published2019-05-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125244
    titleSUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2019:1265-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1412.NASL
    descriptionAccording to the versions of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.(CVE-2018-16864) - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.(CVE-2018-16865) - An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).(CVE-2019-6454) - A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.(CVE-2018-1049) - It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id124915
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124915
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : systemd (EulerOS-SA-2019-1412)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1196.NASL
    descriptionAccording to the version of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges.(CVE-2019-6454) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123882
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123882
    titleEulerOS Virtualization 2.5.4 : systemd (EulerOS-SA-2019-1196)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0368.NASL
    descriptionAn update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id122334
    published2019-02-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122334
    titleRHEL 7 : systemd (RHSA-2019:0368)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0426-1.NASL
    descriptionThis update for systemd fixes the following issues : CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) logind: fix bad error propagation login: log session state
    last seen2020-06-01
    modified2020-06-02
    plugin id122312
    published2019-02-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122312
    titleSUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:0426-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1153.NASL
    descriptionAccording to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123627
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123627
    titleEulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-1153)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1322.NASL
    descriptionAn update for systemd is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * systemd segfaults running test case https://github.com/systemd/ systemd-fedora-ci/tree/master/issue-1981 (BZ#1711872) * Race between systemctl start (and likely others) vs systemctl daemon-reload (BZ#1711875) * systemd doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id125712
    published2019-06-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125712
    titleRHEL 7 : systemd (RHSA-2019:1322)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0424-1.NASL
    descriptionThis update for systemd fixes the following issues : Security vulnerability fixed : CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122310
    published2019-02-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122310
    titleSUSE SLES12 Security Update : systemd (SUSE-SU-2019:0424-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-2DAB60E288.NASL
    description - Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) - systemd-networkd fixes: keep bond slave up if already attached, keep existing ip addresses and routes No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122725
    published2019-03-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122725
    titleFedora 28 : systemd (2019-2dab60e288)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0457.NASL
    descriptionAn update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id122737
    published2019-03-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122737
    titleRHEL 7 : Virtualization Manager (RHSA-2019:0457)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0461.NASL
    descriptionAn update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance (4.2). (BZ#1679415) Security Fix(es) : * systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id122739
    published2019-03-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122739
    titleRHEL 7 : Virtualization Manager (RHSA-2019:0461)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201903-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201903-07 (systemd: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition or possibly execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id122735
    published2019-03-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122735
    titleGLSA-201903-07 : systemd: Multiple vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190221_SYSTEMD_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)
    last seen2020-03-18
    modified2019-02-22
    plugin id122392
    published2019-02-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122392
    titleScientific Linux Security Update : systemd on SL7.x x86_64 (20190221)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1128.NASL
    descriptionAccording to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 (CVE-2019-3815) - systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123602
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123602
    titleEulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-1128)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1364-2.NASL
    descriptionThis update for systemd fixes the following issues : Security issues fixed : CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: logind: fix killing of scopes (bsc#1125604) namespace: make MountFlags=shared work again (bsc#1124122) rules: load drivers only on
    last seen2020-06-01
    modified2020-06-02
    plugin id126736
    published2019-07-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126736
    titleSUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-2)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-8434288A24.NASL
    description - Prevent buffer overread in systemd-udevd - Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122371
    published2019-02-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122371
    titleFedora 29 : systemd (2019-8434288a24)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1164.NASL
    descriptionIt was found that bus_process_object() in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user to send a message which results in the stack pointer moving outside of the bounds of the currently mapped stack region, jumping over the stack guard pages. A specifically crafted DBUS nessage could crash PID 1 and result in a subsequent kernel panic.(CVE-2019-6454)
    last seen2020-06-01
    modified2020-06-02
    plugin id122261
    published2019-02-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122261
    titleAmazon Linux 2 : systemd (ALAS-2019-1164)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4393.NASL
    descriptionChris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus.
    last seen2020-06-01
    modified2020-06-02
    plugin id122270
    published2019-02-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122270
    titleDebian DSA-4393-1 : systemd - security update
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0057_SYSTEMD.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has systemd packages installed that are affected by multiple vulnerabilities: - A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. (CVE-2019-3815) - It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges. (CVE-2019-6454) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127248
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127248
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0057)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1256.NASL
    descriptionAccording to the version of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges.i1/4^CVE-2019-6454i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-04
    plugin id123724
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123724
    titleEulerOS Virtualization 2.5.3 : systemd (EulerOS-SA-2019-1256)

Redhat

advisories
  • bugzilla
    id1667032
    titleCVE-2019-6454 systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentsystemd-devel is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368001
          • commentsystemd-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092020
        • AND
          • commentsystemd-resolved is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368003
          • commentsystemd-resolved is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092002
        • AND
          • commentsystemd-networkd is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368005
          • commentsystemd-networkd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092004
        • AND
          • commentlibgudev1-devel is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368007
          • commentlibgudev1-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092018
        • AND
          • commentsystemd-journal-gateway is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368009
          • commentsystemd-journal-gateway is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092006
        • AND
          • commentsystemd-libs is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368011
          • commentsystemd-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092016
        • AND
          • commentsystemd is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368013
          • commentsystemd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092014
        • AND
          • commentlibgudev1 is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368015
          • commentlibgudev1 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092010
        • AND
          • commentsystemd-python is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368017
          • commentsystemd-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092012
        • AND
          • commentsystemd-sysv is earlier than 0:219-62.el7_6.5
            ovaloval:com.redhat.rhsa:tst:20190368019
          • commentsystemd-sysv is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092008
    rhsa
    idRHSA-2019:0368
    released2019-02-19
    severityImportant
    titleRHSA-2019:0368: systemd security update (Important)
  • bugzilla
    id1693578
    title[PATCH] bus-socket: Fix line_begins() to accept word matching full[ZStream Clone]
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentsystemd-pam is earlier than 0:239-13.el8_0.3
            ovaloval:com.redhat.rhsa:tst:20190990001
          • commentsystemd-pam is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190990002
        • AND
          • commentsystemd-tests is earlier than 0:239-13.el8_0.3
            ovaloval:com.redhat.rhsa:tst:20190990003
          • commentsystemd-tests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190990004
        • AND
          • commentsystemd-devel is earlier than 0:239-13.el8_0.3
            ovaloval:com.redhat.rhsa:tst:20190990005
          • commentsystemd-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092020
        • AND
          • commentsystemd-libs is earlier than 0:239-13.el8_0.3
            ovaloval:com.redhat.rhsa:tst:20190990007
          • commentsystemd-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092016
        • AND
          • commentsystemd-container is earlier than 0:239-13.el8_0.3
            ovaloval:com.redhat.rhsa:tst:20190990009
          • commentsystemd-container is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190990010
        • AND
          • commentsystemd-journal-remote is earlier than 0:239-13.el8_0.3
            ovaloval:com.redhat.rhsa:tst:20190990011
          • commentsystemd-journal-remote is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190990012
        • AND
          • commentsystemd is earlier than 0:239-13.el8_0.3
            ovaloval:com.redhat.rhsa:tst:20190990013
          • commentsystemd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20152092014
        • AND
          • commentsystemd-debugsource is earlier than 0:239-13.el8_0.3
            ovaloval:com.redhat.rhsa:tst:20190990015
          • commentsystemd-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190990016
        • AND
          • commentsystemd-udev is earlier than 0:239-13.el8_0.3
            ovaloval:com.redhat.rhsa:tst:20190990017
          • commentsystemd-udev is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190990018
    rhsa
    idRHSA-2019:0990
    released2019-05-07
    severityModerate
    titleRHSA-2019:0990: systemd security and bug fix update (Moderate)
  • rhsa
    idRHSA-2019:1322
  • rhsa
    idRHSA-2019:1502
  • rhsa
    idRHSA-2019:2805
rpms
  • libgudev1-0:219-62.el7_6.5
  • libgudev1-devel-0:219-62.el7_6.5
  • systemd-0:219-62.el7_6.5
  • systemd-debuginfo-0:219-62.el7_6.5
  • systemd-devel-0:219-62.el7_6.5
  • systemd-journal-gateway-0:219-62.el7_6.5
  • systemd-libs-0:219-62.el7_6.5
  • systemd-networkd-0:219-62.el7_6.5
  • systemd-python-0:219-62.el7_6.5
  • systemd-resolved-0:219-62.el7_6.5
  • systemd-sysv-0:219-62.el7_6.5
  • redhat-release-virtualization-host-0:4.2-8.3.el7
  • redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7
  • rhvm-appliance-2:4.2-20190224.0.el7
  • systemd-0:239-13.el8_0.3
  • systemd-container-0:239-13.el8_0.3
  • systemd-container-debuginfo-0:239-13.el8_0.3
  • systemd-debuginfo-0:239-13.el8_0.3
  • systemd-debugsource-0:239-13.el8_0.3
  • systemd-devel-0:239-13.el8_0.3
  • systemd-journal-remote-0:239-13.el8_0.3
  • systemd-journal-remote-debuginfo-0:239-13.el8_0.3
  • systemd-libs-0:239-13.el8_0.3
  • systemd-libs-debuginfo-0:239-13.el8_0.3
  • systemd-pam-0:239-13.el8_0.3
  • systemd-pam-debuginfo-0:239-13.el8_0.3
  • systemd-tests-0:239-13.el8_0.3
  • systemd-tests-debuginfo-0:239-13.el8_0.3
  • systemd-udev-0:239-13.el8_0.3
  • systemd-udev-debuginfo-0:239-13.el8_0.3
  • libgudev1-0:219-57.el7_5.6
  • libgudev1-devel-0:219-57.el7_5.6
  • systemd-0:219-57.el7_5.6
  • systemd-debuginfo-0:219-57.el7_5.6
  • systemd-devel-0:219-57.el7_5.6
  • systemd-journal-gateway-0:219-57.el7_5.6
  • systemd-libs-0:219-57.el7_5.6
  • systemd-networkd-0:219-57.el7_5.6
  • systemd-python-0:219-57.el7_5.6
  • systemd-resolved-0:219-57.el7_5.6
  • systemd-sysv-0:219-57.el7_5.6
  • libgudev1-0:219-42.el7_4.16
  • libgudev1-devel-0:219-42.el7_4.16
  • systemd-0:219-42.el7_4.16
  • systemd-debuginfo-0:219-42.el7_4.16
  • systemd-devel-0:219-42.el7_4.16
  • systemd-journal-gateway-0:219-42.el7_4.16
  • systemd-libs-0:219-42.el7_4.16
  • systemd-networkd-0:219-42.el7_4.16
  • systemd-python-0:219-42.el7_4.16
  • systemd-resolved-0:219-42.el7_4.16
  • systemd-sysv-0:219-42.el7_4.16
  • libgudev1-0:219-30.el7_3.14
  • libgudev1-devel-0:219-30.el7_3.14
  • systemd-0:219-30.el7_3.14
  • systemd-debuginfo-0:219-30.el7_3.14
  • systemd-devel-0:219-30.el7_3.14
  • systemd-journal-gateway-0:219-30.el7_3.14
  • systemd-libs-0:219-30.el7_3.14
  • systemd-networkd-0:219-30.el7_3.14
  • systemd-python-0:219-30.el7_3.14
  • systemd-resolved-0:219-30.el7_3.14
  • systemd-sysv-0:219-30.el7_3.14

References