CVE-2020-1712 - Use After Free vulnerability in multiple products
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Nessus
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2020-0564.NASL
- description: An update for systemd is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 133942
- published: 2020-02-24
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/133942
- title: RHEL 8 : systemd (RHSA-2020:0564)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:0564. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(133942);
  script_version("1.1");
  script_cvs_date("Date: 2020/02/24");

  script_cve_id("CVE-2020-1712");
  script_xref(name:"RHSA", value:"2020:0564");

  script_name(english:"RHEL 8 : systemd (RHSA-2020:0564)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for systemd is now available for Red Hat Enterprise Linux
8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The systemd packages contain systemd, a system and service manager for
Linux, compatible with the SysV and LSB init scripts. It provides
aggressive parallelism capabilities, uses socket and D-Bus activation
for starting services, offers on-demand starting of daemons, and keeps
track of processes using Linux cgroups. In addition, it supports
snapshotting and restoring of the system state, maintains mount and
automount points, and implements an elaborate transactional
dependency-based service control logic. It can also work as a drop-in
replacement for sysvinit.

Security Fix(es) :

* systemd: use-after-free when asynchronous polkit queries are
performed (CVE-2020-1712)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2020:0564"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2020-1712"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-container-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-remote");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-journal-remote-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-pam");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-pam-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-tests-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-udev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:systemd-udev-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^8\.0([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.0", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2020:0564";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-container-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-container-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-container-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-container-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-debugsource-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-debugsource-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-devel-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-devel-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-journal-remote-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-journal-remote-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-journal-remote-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-libs-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-libs-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-libs-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-libs-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-pam-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-pam-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-pam-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-tests-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-tests-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-tests-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-udev-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"systemd-udev-debuginfo-239-13.el8_0.7")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"systemd-udev-debuginfo-239-13.el8_0.7")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd / systemd-container / systemd-container-debuginfo / etc");
  }
}
```
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2020-0575.NASL
- description: An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * systemd: systemctl reload command breaks ordering dependencies between units (BZ#1781712)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 134030
- published: 2020-02-25
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/134030
- title: RHEL 8 : systemd (RHSA-2020:0575)

- NASL family: PhotonOS Local Security Checks
- NASL id: PHOTONOS_PHSA-2020-2_0-0235_SYSTEMD.NASL
- description: An update of the systemd package has been released.
- last seen: 2020-05-08
- modified: 2020-05-05
- plugin id: 136335
- published: 2020-05-05
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136335
- title: Photon OS 2.0: Systemd PHSA-2020-2.0-0235

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2020-0575.NASL
- description: From Red Hat Security Advisory 2020:0575 : An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * systemd: systemctl reload command breaks ordering dependencies between units (BZ#1781712)
- last seen: 2020-04-16
- modified: 2020-02-26
- plugin id: 134058
- published: 2020-02-26
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/134058
- title: Oracle Linux 8 : systemd (ELSA-2020-0575)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2020-0353-1.NASL
- description: This update for systemd provides the following fixes : CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. sd-bus: Deal with cookie overruns. (bsc#1150595) rules: Add by-id symlinks for persistent memory. (bsc#1140631) Drop the old fds used for logging and reopen them in the sub process before doing any new logging. (bsc#1154948) Fix warnings thrown during package installation (bsc#1154043) Fix for systemctl hanging by restart. (bsc#1139459) man: mention that alias names are only effective after
- last seen: 2020-04-16
- modified: 2020-02-07
- plugin id: 133547
- published: 2020-02-07
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/133547
- title: SUSE SLES12 Security Update : systemd (SUSE-SU-2020:0353-1)

- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2020-1301.NASL
- description: According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.(CVE-2020-1712) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-05-03
- modified: 2020-03-23
- plugin id: 134793
- published: 2020-03-23
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/134793
- title: EulerOS 2.0 SP8 : systemd (EulerOS-SA-2020-1301)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-202003-20.NASL
- description: The remote host is affected by the vulnerability described in GLSA-202003-20 (systemd: Heap use-after-free) It was found that systemd incorrectly handled certain Polkit queries. Impact : A local unprivileged user, by sending a specially crafted Polkit query, could possibly execute arbitrary code with the privileges of the process, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
- last seen: 2020-04-16
- modified: 2020-03-16
- plugin id: 134597
- published: 2020-03-16
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/134597
- title: GLSA-202003-20 : systemd: Heap use-after-free

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-4269-1.NASL
- description: It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888) It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. (CVE-2019-20386) Jann Horn discovered that systemd incorrectly handled services that use the DynamicUser property. A local attacker could possibly use this issue to access resources owned by a different service in the future. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-3843, CVE-2019-3844) Tavis Ormandy discovered that systemd incorrectly handled certain Polkit queries. A local attacker could use this issue to cause systemd to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. (CVE-2020-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 133523
- published: 2020-02-06
- reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/133523
- title: Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : systemd vulnerabilities (USN-4269-1)

- NASL family: PhotonOS Local Security Checks
- NASL id: PHOTONOS_PHSA-2020-3_0-0083_SYSTEMD.NASL
- description: An update of the systemd package has been released.
- last seen: 2020-05-03
- modified: 2020-04-29
- plugin id: 136097
- published: 2020-04-29
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/136097
- title: Photon OS 3.0: Systemd PHSA-2020-3.0-0083

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2020-0335-1.NASL
- description: This update for systemd fixes the following issues : CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) libblkid: open device in nonblock mode. (bsc#1084671) udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) fileio: initialize errno to zero before we do fread() fileio: try to read one byte too much in read_full_stream() logind: consider
- last seen: 2020-04-16
- modified: 2020-02-07
- plugin id: 133540
- published: 2020-02-07
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/133540
- title: SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2020:0335-1)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2020-F8E267D6D0.NASL
- description: A few bugfixes and hwdb update. No need to log out or reboot. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-04-16
- modified: 2020-02-24
- plugin id: 133893
- published: 2020-02-24
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/133893
- title: Fedora 30 : systemd (2020-f8e267d6d0)

- NASL family: Amazon Linux Local Security Checks
- NASL id: AL2_ALAS-2020-1388.NASL
- description: A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. (CVE-2020-1712)
- last seen: 2020-04-16
- modified: 2020-02-10
- plugin id: 133552
- published: 2020-02-10
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/133552
- title: Amazon Linux 2 : systemd (ALAS-2020-1388)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2020-0331-1.NASL
- description: This update for systemd fixes the following issues : CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459) Fix warnings thrown during package installation. (bsc#1154043) Fix for system-udevd prevent crash within OES2018. (bsc#1151506) Fragments of masked units ought not be considered for
- last seen: 2020-04-16
- modified: 2020-02-06
- plugin id: 133520
- published: 2020-02-06
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/133520
- title: SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2020:0331-1)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2020-208.NASL
- description: This update for systemd fixes the following issues : - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider
- last seen: 2020-04-16
- modified: 2020-02-13
- plugin id: 133666
- published: 2020-02-13
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/133666
- title: openSUSE Security Update : systemd (openSUSE-2020-208)

- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2020-1331.NASL
- description: According to the version of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.(CVE-2020-1712) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-04-16
- modified: 2020-04-02
- plugin id: 135118
- published: 2020-04-02
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/135118
- title: EulerOS Virtualization for ARM 64 3.0.6.0 : systemd (EulerOS-SA-2020-1331)
References
- https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
- https://www.openwall.com/lists/oss-security/2020/02/05/1
- https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712
- https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
- https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d
- https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html