CVE-2020-1712 - Use After Free vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
local, low complexity, systemd-project, redhat, debian, CWE-416, nessus

Summary

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

Vulnerable Configurations

Part         Description      Count
Application  Systemd_Project  143
Application  Redhat           4
OS           Redhat           1
OS           Debian           1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-0564.NASL
    description: An update for systemd is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133942
    published: 2020-02-24
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133942
    title: RHEL 8 : systemd (RHSA-2020:0564)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0564. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133942);
      script_version("1.1");
      script_cvs_date("Date: 2020/02/24");
    
      script_cve_id("CVE-2020-1712");
      script_xref(name:"RHSA", value:"2020:0564");
    
      script_name(english:"RHEL 8 : systemd (RHSA-2020:0564)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for systemd is now available for Red Hat Enterprise Linux
    8.0 Update Services for SAP Solutions.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The systemd packages contain systemd, a system and service manager for
    Linux, compatible with the SysV and LSB init scripts. It provides
    aggressive parallelism capabilities, uses socket and D-Bus activation
    for starting services, offers on-demand starting of daemons, and keeps
    track of processes using Linux cgroups. In addition, it supports
    snapshotting and restoring of the system state, maintains mount and
    automount points, and implements an elaborate transactional
    dependency-based service control logic. It can also work as a drop-in
    replacement for sysvinit.
    
    Security Fix(es) :
    
    * systemd: use-after-free when asynchronous polkit queries are
    performed (CVE-2020-1712)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0564"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-1712"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-container");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-container-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-remote");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-remote-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-pam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-pam-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-tests");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-tests-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-udev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-udev-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8\.0([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.0", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0564";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-container-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-container-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-container-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-container-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-debugsource-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-debugsource-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-devel-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-devel-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-journal-remote-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-journal-remote-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-journal-remote-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-libs-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-libs-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-libs-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-libs-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-pam-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-pam-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-pam-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-tests-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-tests-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-tests-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-udev-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-udev-debuginfo-239-13.el8_0.7")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-udev-debuginfo-239-13.el8_0.7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd / systemd-container / systemd-container-debuginfo / etc");
      }
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-0575.NASL
    description: An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * systemd: systemctl reload command breaks ordering dependencies between units (BZ#1781712)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 134030
    published: 2020-02-25
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134030
    title: RHEL 8 : systemd (RHSA-2020:0575)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-2_0-0235_SYSTEMD.NASL
    description: An update of the systemd package has been released.
    last seen: 2020-05-08
    modified: 2020-05-05
    plugin id: 136335
    published: 2020-05-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136335
    title: Photon OS 2.0: Systemd PHSA-2020-2.0-0235
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2020-0575.NASL
    description: From Red Hat Security Advisory 2020:0575 : An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * systemd: systemctl reload command breaks ordering dependencies between units (BZ#1781712)
    last seen: 2020-04-16
    modified: 2020-02-26
    plugin id: 134058
    published: 2020-02-26
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134058
    title: Oracle Linux 8 : systemd (ELSA-2020-0575)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0353-1.NASL
    description: This update for systemd provides the following fixes : CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. sd-bus: Deal with cookie overruns. (bsc#1150595) rules: Add by-id symlinks for persistent memory. (bsc#1140631) Drop the old fds used for logging and reopen them in the sub process before doing any new logging. (bsc#1154948) Fix warnings thrown during package installation (bsc#1154043) Fix for systemctl hanging by restart. (bsc#1139459) man: mention that alias names are only effective after
    last seen: 2020-04-16
    modified: 2020-02-07
    plugin id: 133547
    published: 2020-02-07
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133547
    title: SUSE SLES12 Security Update : systemd (SUSE-SU-2020:0353-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1301.NASL
    description: According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.(CVE-2020-1712) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-03
    modified: 2020-03-23
    plugin id: 134793
    published: 2020-03-23
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134793
    title: EulerOS 2.0 SP8 : systemd (EulerOS-SA-2020-1301)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-202003-20.NASL
    description: The remote host is affected by the vulnerability described in GLSA-202003-20 (systemd: Heap use-after-free) It was found that systemd incorrectly handled certain Polkit queries. Impact : A local unprivileged user, by sending a specially crafted Polkit query, could possibly execute arbitrary code with the privileges of the process, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-04-16
    modified: 2020-03-16
    plugin id: 134597
    published: 2020-03-16
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134597
    title: GLSA-202003-20 : systemd: Heap use-after-free
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4269-1.NASL
    description: It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888) It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. (CVE-2019-20386) Jann Horn discovered that systemd incorrectly handled services that use the DynamicUser property. A local attacker could possibly use this issue to access resources owned by a different service in the future. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-3843, CVE-2019-3844) Tavis Ormandy discovered that systemd incorrectly handled certain Polkit queries. A local attacker could use this issue to cause systemd to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. (CVE-2020-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133523
    published: 2020-02-06
    reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133523
    title: Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : systemd vulnerabilities (USN-4269-1)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-3_0-0083_SYSTEMD.NASL
    description: An update of the systemd package has been released.
    last seen: 2020-05-03
    modified: 2020-04-29
    plugin id: 136097
    published: 2020-04-29
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136097
    title: Photon OS 3.0: Systemd PHSA-2020-3.0-0083
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0335-1.NASL
    description: This update for systemd fixes the following issues : CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) libblkid: open device in nonblock mode. (bsc#1084671) udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) fileio: initialize errno to zero before we do fread() fileio: try to read one byte too much in read_full_stream() logind: consider
    last seen: 2020-04-16
    modified: 2020-02-07
    plugin id: 133540
    published: 2020-02-07
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133540
    title: SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2020:0335-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2020-F8E267D6D0.NASL
    description: A few bugfixes and hwdb update. No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-04-16
    modified: 2020-02-24
    plugin id: 133893
    published: 2020-02-24
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133893
    title: Fedora 30 : systemd (2020-f8e267d6d0)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2020-1388.NASL
    description: A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. (CVE-2020-1712)
    last seen: 2020-04-16
    modified: 2020-02-10
    plugin id: 133552
    published: 2020-02-10
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133552
    title: Amazon Linux 2 : systemd (ALAS-2020-1388)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0331-1.NASL
    description: This update for systemd fixes the following issues : CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459) Fix warnings thrown during package installation. (bsc#1154043) Fix for system-udevd prevent crash within OES2018. (bsc#1151506) Fragments of masked units ought not be considered for
    last seen: 2020-04-16
    modified: 2020-02-06
    plugin id: 133520
    published: 2020-02-06
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133520
    title: SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2020:0331-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-208.NASL
    description: This update for systemd fixes the following issues : - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider
    last seen: 2020-04-16
    modified: 2020-02-13
    plugin id: 133666
    published: 2020-02-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133666
    title: openSUSE Security Update : systemd (openSUSE-2020-208)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1331.NASL
    description: According to the version of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.(CVE-2020-1712) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-04-16
    modified: 2020-04-02
    plugin id: 135118
    published: 2020-04-02
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135118
    title: EulerOS Virtualization for ARM 64 3.0.6.0 : systemd (EulerOS-SA-2020-1331)

Redhat

advisories
bugzilla
id: 1794578
title: CVE-2020-1712 systemd: use-after-free when asynchronous polkit queries are performed
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 8 is installed
      oval: oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment: systemd-debugsource is earlier than 0:239-18.el8_1.4
          oval: oval:com.redhat.rhsa:tst:20200575001
        • comment: systemd-debugsource is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20190990016
      • AND
        • comment: systemd-udev is earlier than 0:239-18.el8_1.4
          oval: oval:com.redhat.rhsa:tst:20200575003
        • comment: systemd-udev is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20190990018
      • AND
        • comment: systemd-tests is earlier than 0:239-18.el8_1.4
          oval: oval:com.redhat.rhsa:tst:20200575005
        • comment: systemd-tests is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20190990004
      • AND
        • comment: systemd-pam is earlier than 0:239-18.el8_1.4
          oval: oval:com.redhat.rhsa:tst:20200575007
        • comment: systemd-pam is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20190990002
      • AND
        • comment: systemd-libs is earlier than 0:239-18.el8_1.4
          oval: oval:com.redhat.rhsa:tst:20200575009
        • comment: systemd-libs is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092016
      • AND
        • comment: systemd-journal-remote is earlier than 0:239-18.el8_1.4
          oval: oval:com.redhat.rhsa:tst:20200575011
        • comment: systemd-journal-remote is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20190990012
      • AND
        • comment: systemd-devel is earlier than 0:239-18.el8_1.4
          oval: oval:com.redhat.rhsa:tst:20200575013
        • comment: systemd-devel is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092020
      • AND
        • comment: systemd-container is earlier than 0:239-18.el8_1.4
          oval: oval:com.redhat.rhsa:tst:20200575015
        • comment: systemd-container is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20190990010
      • AND
        • comment: systemd is earlier than 0:239-18.el8_1.4
          oval: oval:com.redhat.rhsa:tst:20200575017
        • comment: systemd is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhba:tst:20152092014
rhsa
id: RHSA-2020:0575
released: 2020-02-24
severity: Important
title: RHSA-2020:0575: systemd security and bug fix update (Important)
rpms
  • systemd-0:239-13.el8_0.7
  • systemd-container-0:239-13.el8_0.7
  • systemd-container-debuginfo-0:239-13.el8_0.7
  • systemd-debuginfo-0:239-13.el8_0.7
  • systemd-debugsource-0:239-13.el8_0.7
  • systemd-devel-0:239-13.el8_0.7
  • systemd-journal-remote-0:239-13.el8_0.7
  • systemd-journal-remote-debuginfo-0:239-13.el8_0.7
  • systemd-libs-0:239-13.el8_0.7
  • systemd-libs-debuginfo-0:239-13.el8_0.7
  • systemd-pam-0:239-13.el8_0.7
  • systemd-pam-debuginfo-0:239-13.el8_0.7
  • systemd-tests-0:239-13.el8_0.7
  • systemd-tests-debuginfo-0:239-13.el8_0.7
  • systemd-udev-0:239-13.el8_0.7
  • systemd-udev-debuginfo-0:239-13.el8_0.7
  • systemd-0:239-18.el8_1.4
  • systemd-container-0:239-18.el8_1.4
  • systemd-container-debuginfo-0:239-18.el8_1.4
  • systemd-debuginfo-0:239-18.el8_1.4
  • systemd-debugsource-0:239-18.el8_1.4
  • systemd-devel-0:239-18.el8_1.4
  • systemd-journal-remote-0:239-18.el8_1.4
  • systemd-journal-remote-debuginfo-0:239-18.el8_1.4
  • systemd-libs-0:239-18.el8_1.4
  • systemd-libs-debuginfo-0:239-18.el8_1.4
  • systemd-pam-0:239-18.el8_1.4
  • systemd-pam-debuginfo-0:239-18.el8_1.4
  • systemd-tests-0:239-18.el8_1.4
  • systemd-tests-debuginfo-0:239-18.el8_1.4
  • systemd-udev-0:239-18.el8_1.4
  • systemd-udev-debuginfo-0:239-18.el8_1.4