Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2021-1643.NASL
HistoryMay 24, 2021 - 12:00 a.m.

Amazon Linux 2 : systemd (ALAS-2021-1643) (deprecated)

2021-05-2400:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
56
JSON

The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1643 advisory.

  • A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
    (CVE-2018-15686)

  • An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. (CVE-2018-16864)

  • An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. (CVE-2018-16866)

  • It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
    (CVE-2018-16888)

  • An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. (CVE-2019-20386)

  • A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
    Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the _CMDLINE= entry. A local attacker may use this flaw to make systemd- journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
    (CVE-2019-3815)

  • An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). (CVE-2019-6454)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#
# # @DEPRECATED@
#
# Disabled on 2021-05-31 due to Amazon pulling the previsouly published advisory.
#                                  
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1643.
##
##

include('deprecated_nasl_level.inc');

include('compat.inc');

if (description)
{
  script_id(149869);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/06/11");

  script_cve_id(
    "CVE-2018-15686",
    "CVE-2018-16864",
    "CVE-2018-16866",
    "CVE-2018-16888",
    "CVE-2019-3815",
    "CVE-2019-6454",
    "CVE-2019-20386"
  );
  script_xref(name:"ALAS", value:"2021-1643");

  script_name(english:"Amazon Linux 2 : systemd (ALAS-2021-1643) (deprecated)");

  script_set_attribute(attribute:"synopsis", value:
"This plugin has been deprecated.");
  script_set_attribute(attribute:"description", value:
"The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2021-1643 advisory.

  - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd
    re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly
    lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
    (CVE-2018-15686)

  - An allocation of memory without limits, that could result in the stack clashing with another memory
    region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A
    local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through
    v240 are vulnerable. (CVE-2018-16864)

  - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate
    with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221
    to v239 are vulnerable. (CVE-2018-16866)

  - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill
    processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a
    local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick
    systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
    (CVE-2018-16888)

  - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the
    udevadm trigger command, a memory leak may occur. (CVE-2019-20386)

  - A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
    Function dispatch_message_real() in journald-server.c does not free the memory allocated by
    set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-
    journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
    (CVE-2019-3815)

  - An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c
    allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus
    messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1,
    causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a
    denial of service (systemd PID1 crash and kernel panic). (CVE-2019-6454)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2021-1643.html"); # advisory removed
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-15686");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-16866");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-16888");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-20386");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-3815");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-6454");
  script_set_attribute(attribute:"solution", value:
"n/a");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15686");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libgudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libgudev1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-journal-gateway");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-networkd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-resolved");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-sysv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

exit(0, 'This plugin has been deprecated due to Amazon pulling the previously published advisory.');
VendorProductVersionCPE
amazonlinuxlibgudev1p-cpe:/a:amazon:linux:libgudev1
amazonlinuxlibgudev1-develp-cpe:/a:amazon:linux:libgudev1-devel
amazonlinuxsystemdp-cpe:/a:amazon:linux:systemd
amazonlinuxsystemd-debuginfop-cpe:/a:amazon:linux:systemd-debuginfo
amazonlinuxsystemd-develp-cpe:/a:amazon:linux:systemd-devel
amazonlinuxsystemd-journal-gatewayp-cpe:/a:amazon:linux:systemd-journal-gateway
amazonlinuxsystemd-libsp-cpe:/a:amazon:linux:systemd-libs
amazonlinuxsystemd-networkdp-cpe:/a:amazon:linux:systemd-networkd
amazonlinuxsystemd-pythonp-cpe:/a:amazon:linux:systemd-python
amazonlinuxsystemd-resolvedp-cpe:/a:amazon:linux:systemd-resolved
Rows per page:
1-10 of 121

Related

amazon 3
nessus 64
openvas 33
centos 3
redhat 7
fedora 6
oraclelinux 5
gentoo 1
prion 6
debian 3
cve 6
ibm 6
debiancve 6
ubuntucve 6
redhatcve 7
f5 3
osv 8
myhack58 1
suse 3
ubuntu 2
thn 1
zdt 3
cloudfoundry 2
veracode 7
cbl_mariner 4
packetstorm 1
checkpoint_advisories 1
altlinux 1
amazon
amazon
Important: systemd
2021-05-20 17:00:00
Medium: systemd
2021-06-16 20:36:00
Important: systemd
2019-01-07 21:58:00
nessus
nessus
Amazon Linux 2 : systemd (ALAS-2021-1647)
2021-06-24 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0196)
2019-10-15 00:00:00
CentOS 7 : systemd (CESA-2019:2091)
2019-08-30 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-2232)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2020-1216)
2020-03-13 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2020-1451)
2020-04-16 00:00:00
centos
centos
libgudev1, systemd security update
2019-08-30 04:25:11
libgudev1, systemd security update
2019-02-01 23:12:55
libgudev1, systemd security update
2020-10-20 19:02:15
redhat
redhat
(RHSA-2019:2091) Moderate: systemd security, bug fix, and enhancement update
2019-08-06 07:59:50
(RHSA-2020:1264) Moderate: systemd security and bug fix update
2020-04-01 07:32:50
(RHSA-2020:0593) Moderate: systemd security update
2020-02-25 11:32:36
fedora
fedora
[SECURITY] Fedora 29 Update: systemd-239-12.git8bca462.fc29
2019-02-22 03:14:37
[SECURITY] Fedora 28 Update: systemd-238-12.git07f8cd5.fc28
2019-03-08 21:40:23
[SECURITY] Fedora 29 Update: systemd-239-14.git33ccd62.fc29
2019-09-19 01:53:44
oraclelinux
oraclelinux
systemd security, bug fix, and enhancement update
2019-08-13 00:00:00
systemd security, bug fix, and enhancement update
2020-11-10 00:00:00
systemd security and bug fix update
2020-10-06 00:00:00
gentoo
gentoo
systemd: Multiple vulnerabilities
2019-03-10 00:00:00
prion
prion
Memory corruption
2019-01-28 15:29:00
Code injection
2019-01-14 22:29:00
Memory corruption
2020-01-21 06:15:00
debian
debian
[SECURITY] [DLA 1711-1] systemd security update
2019-03-13 12:45:45
[SECURITY] [DSA 4367-1] systemd security update
2019-01-13 21:56:20
[SECURITY] [DSA 4367-1] systemd security update
2019-01-13 21:56:20
cve
cve
CVE-2019-3815
2019-01-28 15:29:00
CVE-2019-20386
2020-01-21 06:15:00
CVE-2018-16888
2019-01-14 22:29:00
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-3815)
2020-01-29 16:31:33
Security Bulletin: Vulnerabiliies in systemd affect PowerKVM
2019-03-04 05:50:01
Security Bulletin: IBM MQ Advanced Cloud Paks are vulnerable to multiple issues with in the Systemd package (CVE-2018-16866 CVE-2018-16864 CVE-2018-16865)
2019-02-08 23:15:01
debiancve
debiancve
CVE-2019-3815
2019-01-28 15:29:00
CVE-2018-16888
2019-01-14 22:29:00
CVE-2019-20386
2020-01-21 06:15:00
ubuntucve
ubuntucve
CVE-2019-3815
2019-01-28 00:00:00
CVE-2019-20386
2020-01-21 00:00:00
CVE-2018-16888
2019-01-14 00:00:00
redhatcve
redhatcve
CVE-2019-3815
2019-01-16 21:49:41
CVE-2018-16888
2019-01-02 13:19:49
CVE-2019-20386
2020-01-22 12:39:08
f5
f5
K22040951 : systemd-journald vulnerability CVE-2019-3815
2020-03-23 00:00:00
K40356136 : systemd vulnerability CVE-2018-15686
2020-11-30 00:00:00
K30683410 : systemd vulnerability CVE-2018-16866
2019-02-21 00:00:00
osv
osv
CVE-2019-3815
2019-01-28 15:29:00
systemd - security update
2019-01-13 00:00:00
CVE-2018-16888
2019-01-14 22:29:00
myhack58
myhack58
Linux 3 a serious vulnerability systemd, may lead to data breaches-vulnerability warning-the black bar safety net
2019-01-16 00:00:00
suse
suse
Security update for systemd (moderate)
2019-01-29 00:00:00
Security update for systemd (important)
2019-01-29 00:00:00
Security update for systemd (important)
2019-02-27 00:00:00
ubuntu
ubuntu
systemd vulnerabilities
2019-01-11 00:00:00
systemd vulnerabilities
2020-02-05 00:00:00
thn
thn
New Systemd Privilege Escalation Flaws Affect Most Linux Distributions
2019-01-10 12:18:00
zdt
zdt
systemd-journald Memory Corruption / Information Leak Vulnerability
2019-01-11 00:00:00
systemd - reexec State Injection Exploit
2018-10-29 00:00:00
Linux systemd Line Splitting Exploit
2018-10-26 00:00:00
cloudfoundry
cloudfoundry
USN-3855-1: systemd vulnerabilities | Cloud Foundry
2019-01-24 00:00:00
USN-4269-1: systemd vulnerabilities | Cloud Foundry
2020-02-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-04 02:50:51
Denial Of Service (DoS)
2020-01-23 08:31:05
Privilege Escalation
2018-10-29 07:34:47
cbl_mariner
cbl_mariner
CVE-2019-20386 affecting package systemd 239-44
2020-11-30 19:30:44
CVE-2018-15686 affecting package systemd 239-44
2020-09-09 06:09:21
CVE-2018-16866 affecting package systemd 239-44
2020-09-09 06:09:21
packetstorm
packetstorm
Linux systemd Line Splitting
2018-10-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Systemd journald Privilege Escalation (CVE-2018-16864)
2020-09-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package systemd version 1:241-alt2
2019-02-19 00:00:00
JSON
Related for AL2_ALAS-2021-1643.NASL
amazon3nessus64openvas33centos3redhat7fedora6oraclelinux5gentoo1prion6debian3cve6ibm6debiancve6ubuntucve6redhatcve7f53osv8myhack581suse3ubuntu2thn1zdt3cloudfoundry2veracode7cbl_mariner4packetstorm1checkpoint_advisories1altlinux1