Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-2221.NASLHistoryOct 21, 2020 - 12:00 a.m.
EulerOS Virtualization 3.0.2.2 : systemd (EulerOS-SA-2020-2221)
2020-10-2100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
7.5 High
AI Score
Confidence
High
According to the version of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.(CVE-2018-6954)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(141672);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/14");
script_cve_id("CVE-2018-6954");
script_name(english:"EulerOS Virtualization 3.0.2.2 : systemd (EulerOS-SA-2020-2221)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the systemd packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerability :
- systemd-tmpfiles in systemd through 237 mishandles
symlinks present in non-terminal path components, which
allows local users to obtain ownership of arbitrary
files via vectors involving creation of a directory and
a file under that directory, and later replacing that
directory with a symlink. This occurs even if the
fs.protected_symlinks sysctl is turned
on.(CVE-2018-6954)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2221
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?84e65f7b");
script_set_attribute(attribute:"solution", value:
"Update the affected systemd package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6954");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/10/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-sysv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:systemd-udev-compat");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["systemd-219-62.5.h105",
"systemd-libs-219-62.5.h105",
"systemd-sysv-219-62.5.h105",
"systemd-udev-compat-219-62.5.h105"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | systemd | p-cpe:/a:huawei:euleros:systemd |
| huawei | euleros | systemd-libs | p-cpe:/a:huawei:euleros:systemd-libs |
| huawei | euleros | systemd-sysv | p-cpe:/a:huawei:euleros:systemd-sysv |
| huawei | euleros | systemd-udev-compat | p-cpe:/a:huawei:euleros:systemd-udev-compat |
| huawei | euleros | uvp | cpe:/o:huawei:euleros:uvp:3.0.2.2 |
Related
photon
photon
nessus
nessus
EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-1872)
2019-09-17 00:00:00
Photon OS 2.0: Systemd PHSA-2019-2.0-0166
2019-07-04 00:00:00
Photon OS 1.0: Systemd PHSA-2019-1.0-0220
2019-05-15 00:00:00
osv
osv
CVE-2018-6954
2018-02-13 20:29:00
cve
cve
CVE-2018-6954
2018-02-13 20:29:00
prion
prion
Design/Logic Flaw
2018-02-13 20:29:00
ubuntucve
ubuntucve
CVE-2018-6954
2018-02-13 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1872)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2020-2221)
2020-10-21 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1923)
2020-01-23 00:00:00
redhatcve
redhatcve
CVE-2018-6954
2018-02-14 04:49:04
debiancve
debiancve
CVE-2018-6954
2018-02-13 20:29:00
archlinux
archlinux
[ASA-201901-4] systemd: multiple issues
2019-01-08 00:00:00
cloudfoundry
cloudfoundry
USN-3816-2: systemd vulnerability | Cloud Foundry
2018-12-06 00:00:00
USN-3816-3: systemd regression | Cloud Foundry
2018-12-06 00:00:00
USN-3816-1: systemd vulnerabilities | Cloud Foundry
2018-11-20 00:00:00
suse
suse
Security update for systemd (important)
2019-05-28 00:00:00
Security update for systemd (important)
2019-01-29 00:00:00
ubuntu
ubuntu
systemd regression
2018-11-27 00:00:00
systemd vulnerabilities
2018-11-12 00:00:00
systemd vulnerability
2018-11-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1982
2021-07-02 18:13:58