Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2021-1647.NASL
HistoryJun 24, 2021 - 12:00 a.m.

Amazon Linux 2 : systemd (ALAS-2021-1647)

2021-06-2400:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
67

7.8 High

AI Score

Confidence

Low

JSON

The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1647 advisory.

  • A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
    (CVE-2018-15686)

  • An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. (CVE-2018-16864)

  • An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. (CVE-2018-16866)

  • An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. (CVE-2019-20386)

  • A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
    Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the _CMDLINE= entry. A local attacker may use this flaw to make systemd- journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
    (CVE-2019-3815)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1647.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(150993);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/12");

  script_cve_id(
    "CVE-2018-15686",
    "CVE-2018-16864",
    "CVE-2018-16866",
    "CVE-2019-3815",
    "CVE-2019-20386"
  );
  script_xref(name:"ALAS", value:"2021-1647");

  script_name(english:"Amazon Linux 2 : systemd (ALAS-2021-1647)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2021-1647 advisory.

  - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd
    re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly
    lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
    (CVE-2018-15686)

  - An allocation of memory without limits, that could result in the stack clashing with another memory
    region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A
    local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through
    v240 are vulnerable. (CVE-2018-16864)

  - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate
    with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221
    to v239 are vulnerable. (CVE-2018-16866)

  - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the
    udevadm trigger command, a memory leak may occur. (CVE-2019-20386)

  - A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
    Function dispatch_message_real() in journald-server.c does not free the memory allocated by
    set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-
    journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
    (CVE-2019-3815)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2021-1647.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-15686");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-16866");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-20386");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-3815");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update systemd' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15686");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-16864");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libgudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libgudev1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-journal-gateway");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-networkd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-resolved");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:systemd-sysv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

pkgs = [
    {'reference':'libgudev1-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libgudev1-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libgudev1-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libgudev1-devel-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libgudev1-devel-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libgudev1-devel-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-debuginfo-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-debuginfo-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-debuginfo-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-devel-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-devel-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-devel-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-journal-gateway-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-journal-gateway-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-journal-gateway-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-libs-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-libs-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-libs-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-networkd-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-networkd-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-networkd-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-python-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-python-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-python-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-resolved-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-resolved-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-resolved-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-sysv-219-78.amzn2.0.14', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-sysv-219-78.amzn2.0.14', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'systemd-sysv-219-78.amzn2.0.14', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgudev1 / libgudev1-devel / systemd / etc");
}
VendorProductVersionCPE
amazonlinuxlibgudev1p-cpe:/a:amazon:linux:libgudev1
amazonlinuxlibgudev1-develp-cpe:/a:amazon:linux:libgudev1-devel
amazonlinuxsystemdp-cpe:/a:amazon:linux:systemd
amazonlinuxsystemd-debuginfop-cpe:/a:amazon:linux:systemd-debuginfo
amazonlinuxsystemd-develp-cpe:/a:amazon:linux:systemd-devel
amazonlinuxsystemd-journal-gatewayp-cpe:/a:amazon:linux:systemd-journal-gateway
amazonlinuxsystemd-libsp-cpe:/a:amazon:linux:systemd-libs
amazonlinuxsystemd-networkdp-cpe:/a:amazon:linux:systemd-networkd
amazonlinuxsystemd-pythonp-cpe:/a:amazon:linux:systemd-python
amazonlinuxsystemd-resolvedp-cpe:/a:amazon:linux:systemd-resolved
Rows per page:
1-10 of 121

Related

amazon 3
nessus 64
openvas 36
redhat 11
ibm 4
debiancve 5
ubuntucve 5
prion 5
debian 3
cve 5
redhatcve 5
f5 4
osv 8
centos 3
fedora 6
myhack58 1
suse 5
ubuntu 1
zdt 3
cloudfoundry 1
thn 1
gentoo 1
oraclelinux 4
cbl_mariner 4
veracode 5
packetstorm 1
checkpoint_advisories 1
mageia 1
photon 1
altlinux 1
archlinux 1
amazon
amazon
Medium: systemd
2021-06-16 20:36:00
Important: systemd
2021-05-20 17:00:00
Important: systemd
2019-01-07 21:58:00
nessus
nessus
Amazon Linux 2 : systemd (ALAS-2021-1643) (deprecated)
2021-05-24 00:00:00
RHEL 7 : systemd (RHSA-2020:1264)
2020-04-01 00:00:00
Oracle Linux 7 : systemd (ELSA-2019-0201)
2019-01-31 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1711-1)
2019-03-12 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1345)
2020-01-23 00:00:00
CentOS Update for libgudev1-219-62.el7_ CESA-2019:0201 centos7
2019-02-02 00:00:00
redhat
redhat
(RHSA-2020:1264) Moderate: systemd security and bug fix update
2020-04-01 07:32:50
(RHSA-2020:0593) Moderate: systemd security update
2020-02-25 11:32:36
(RHSA-2019:0201) Low: systemd security update
2019-01-29 15:23:32
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-3815)
2020-01-29 16:31:33
Security Bulletin: IBM MQ Advanced Cloud Paks are vulnerable to multiple issues with in the Systemd package (CVE-2018-16866 CVE-2018-16864 CVE-2018-16865)
2019-02-08 23:15:01
Security Bulletin: IBM MQ Appliance is affected by a systemd vulnerability (CVE-2019-20386)
2021-03-03 15:55:01
debiancve
debiancve
CVE-2019-3815
2019-01-28 15:29:00
CVE-2019-20386
2020-01-21 06:15:00
CVE-2018-15686
2018-10-26 14:29:00
ubuntucve
ubuntucve
CVE-2019-3815
2019-01-28 00:00:00
CVE-2019-20386
2020-01-21 00:00:00
CVE-2018-16866
2019-01-11 00:00:00
prion
prion
Memory corruption
2019-01-28 15:29:00
Memory corruption
2020-01-21 06:15:00
Design/Logic Flaw
2019-01-11 19:29:00
debian
debian
[SECURITY] [DLA 1711-1] systemd security update
2019-03-13 12:45:45
[SECURITY] [DSA 4367-1] systemd security update
2019-01-13 21:56:20
[SECURITY] [DSA 4367-1] systemd security update
2019-01-13 21:56:20
cve
cve
CVE-2019-3815
2019-01-28 15:29:00
CVE-2019-20386
2020-01-21 06:15:00
CVE-2018-16866
2019-01-11 19:29:00
redhatcve
redhatcve
CVE-2019-3815
2019-01-16 21:49:41
CVE-2019-20386
2020-01-22 12:39:08
CVE-2018-15686
2022-01-13 06:42:08
f5
f5
K22040951 : systemd-journald vulnerability CVE-2019-3815
2020-03-23 00:00:00
K40356136 : systemd vulnerability CVE-2018-15686
2020-11-30 00:00:00
K30683410 : systemd vulnerability CVE-2018-16866
2019-02-21 00:00:00
osv
osv
CVE-2019-3815
2019-01-28 15:29:00
systemd - security update
2019-01-13 00:00:00
CVE-2019-20386
2020-01-21 06:15:11
centos
centos
libgudev1, systemd security update
2019-02-01 23:12:55
libgudev1, systemd security update
2019-08-30 04:25:11
libgudev1, systemd security update
2020-10-20 19:02:15
fedora
fedora
[SECURITY] Fedora 29 Update: systemd-239-8.gite339eae.fc29
2019-01-13 02:32:41
[SECURITY] Fedora 29 Update: systemd-239-11.git4dc7dce.fc29
2019-02-11 01:57:56
[SECURITY] Fedora 28 Update: systemd-238-11.gita76ee90.fc28
2019-02-18 01:26:53
myhack58
myhack58
Linux 3 a serious vulnerability systemd, may lead to data breaches-vulnerability warning-the black bar safety net
2019-01-16 00:00:00
suse
suse
Security update for systemd (moderate)
2019-01-29 00:00:00
Security update for systemd (important)
2019-01-29 00:00:00
Security update for systemd (important)
2020-02-11 00:00:00
ubuntu
ubuntu
systemd vulnerabilities
2019-01-11 00:00:00
zdt
zdt
systemd-journald Memory Corruption / Information Leak Vulnerability
2019-01-11 00:00:00
systemd - reexec State Injection Exploit
2018-10-29 00:00:00
Linux systemd Line Splitting Exploit
2018-10-26 00:00:00
cloudfoundry
cloudfoundry
USN-3855-1: systemd vulnerabilities | Cloud Foundry
2019-01-24 00:00:00
thn
thn
New Systemd Privilege Escalation Flaws Affect Most Linux Distributions
2019-01-10 12:18:00
gentoo
gentoo
systemd: Multiple vulnerabilities
2019-03-10 00:00:00
oraclelinux
oraclelinux
systemd security, bug fix, and enhancement update
2019-08-13 00:00:00
systemd security, bug fix, and enhancement update
2020-11-10 00:00:00
systemd security and bug fix update
2020-10-06 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-20386 affecting package systemd 239-44
2020-11-30 19:30:44
CVE-2018-15686 affecting package systemd 239-44
2020-09-09 06:09:21
CVE-2018-16866 affecting package systemd 239-44
2020-09-09 06:09:21
veracode
veracode
Denial Of Service (DoS)
2020-01-23 08:31:05
Privilege Escalation
2018-10-29 07:34:47
Denial Of Service (DoS)
2019-05-16 03:56:08
packetstorm
packetstorm
Linux systemd Line Splitting
2018-10-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Systemd journald Privilege Escalation (CVE-2018-16864)
2020-09-05 00:00:00
mageia
mageia
Updated systemd packages fix security vulnerabilities
2020-02-22 02:06:01
photon
photon
Important Photon OS Security Update - PHSA-2020-0059
2020-02-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package systemd version 1:240-alt3
2019-01-08 00:00:00
archlinux
archlinux
[ASA-201901-4] systemd: multiple issues
2019-01-08 00:00:00

7.8 High

AI Score

Confidence

Low

JSON
Related for AL2_ALAS-2021-1647.NASL
amazon3nessus64openvas36redhat11ibm4debiancve5ubuntucve5prion5debian3cve5redhatcve5f54osv8centos3fedora6myhack581suse5ubuntu1zdt3cloudfoundry1thn1gentoo1oraclelinux4cbl_mariner4veracode5packetstorm1checkpoint_advisories1mageia1photon1altlinux1archlinux1