{"id": "FEDORA_2019-D5BD5F0AA4.NASL", "bulletinFamily": "scanner", "title": "Fedora 31 : systemd (2019-d5bd5f0aa4)", "description": " - Update to latest release\n\n - Emission of Session property-changed notifications from\n logind is fixed (this was breaking the switching of\n sessions to and from gnome).\n\n - Security issue: unprivileged users were allowed to\n change DNS servers configured in systemd-resolved. Now\n proper polkit authorization is required\n (CVE-2019-15718).\n\nSwitching ttys will work again after reboot. Otherwise, no log out or\nreboot is required.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "published": "2019-10-07T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/129651", "reporter": "This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2019-d5bd5f0aa4"], "cvelist": ["CVE-2019-15718"], "type": "nessus", "lastseen": "2021-01-01T02:27:42", "edition": 17, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-15718"]}, {"type": "fedora", "idList": ["FEDORA:26FDC602DC2F", "FEDORA:E277F6048D5E", "FEDORA:E66CE6076F5E"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2019-3592.NASL", "EULEROS_SA-2019-2121.NASL", "UBUNTU_USN-4120-1.NASL", "FEDORA_2019-24E1D561E5.NASL", "EULEROS_SA-2020-1054.NASL", "FEDORA_2019-8A7DFDF1F3.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310876755", "OPENVAS:1361412562311220201054", "OPENVAS:1361412562310876816", "OPENVAS:1361412562310844162", "OPENVAS:1361412562310877186", "OPENVAS:1361412562311220192121"]}, {"type": "redhat", "idList": ["RHSA-2020:4298", "RHSA-2019:3592", "RHSA-2019:3941"]}, {"type": "archlinux", "idList": ["ASA-201910-3"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-3592"]}, {"type": "ubuntu", "idList": ["USN-4120-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:3A7A092EC0FB5C0D4211DE77DD6E9EC9", "CFOUNDRY:860FF24D1F832AE34A966FD256298C1E"]}], "modified": "2021-01-01T02:27:42", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-01-01T02:27:42", "rev": 2}, "vulnersScore": 5.4}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d5bd5f0aa4.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129651);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2019-15718\");\n script_xref(name:\"FEDORA\", value:\"2019-d5bd5f0aa4\");\n\n script_name(english:\"Fedora 31 : systemd (2019-d5bd5f0aa4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to latest release\n\n - Emission of Session property-changed notifications from\n logind is fixed (this was breaking the switching of\n sessions to and from gnome).\n\n - Security issue: unprivileged users were allowed to\n change DNS servers configured in systemd-resolved. Now\n proper polkit authorization is required\n (CVE-2019-15718).\n\nSwitching ttys will work again after reboot. Otherwise, no log out or\nreboot is required.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d5bd5f0aa4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"systemd-243-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "129651", "cpe": ["p-cpe:/a:fedoraproject:fedora:systemd", "cpe:/o:fedoraproject:fedora:31"], "scheme": null, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}}

{"cve": [{"lastseen": "2020-10-03T13:38:45", "description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-09-04T12:15:00", "title": "CVE-2019-15718", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15718"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:freedesktop:systemd:240", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2019-15718", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15718", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:freedesktop:systemd:240:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15718"], "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "modified": "2019-09-04T20:54:52", "published": "2019-09-04T20:54:52", "id": "FEDORA:26FDC602DC2F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: systemd-243-1.fc31", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15718", "CVE-2019-3843"], "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. This package was built from the 241-stable branch of systemd, commit https://github.com/systemd/systemd-stable/commit/1e19bcd. ", "modified": "2019-09-05T11:48:28", "published": "2019-09-05T11:48:28", "id": "FEDORA:E277F6048D5E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: systemd-241-12.git1e19bcd.fc30", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-15686", "CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16866", "CVE-2019-15718", "CVE-2019-6454"], "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "modified": "2019-09-19T01:53:44", "published": "2019-09-19T01:53:44", "id": "FEDORA:E66CE6076F5E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: systemd-239-14.git33ccd62.fc29", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-14T14:48:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "description": "The remote host is missing an update for the ", "modified": "2020-01-13T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310877186", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877186", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2019-d5bd5f0aa4", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877186\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-15718\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:30:51 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for systemd FEDORA-2019-d5bd5f0aa4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-d5bd5f0aa4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2019-d5bd5f0aa4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd is a system and service manager that runs as PID 1 and starts\nthe rest of the system. It provides aggressive parallelization\ncapabilities, uses socket and D-Bus activation for starting services,\noffers on-demand starting of daemons, keeps track of processes using\nLinux control groups, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. systemd supports SysV and LSB init scripts and works as a\nreplacement for sysvinit. Other parts of this package are a logging daemon,\nutilities to control basic system configuration like the hostname,\ndate, locale, maintain a list of logged-in users, system accounts,\nruntime directories and settings, and daemons to manage simple network\nconfiguration, network time synchronization, log forwarding, and name\nresolution.\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~243~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-09-10T14:52:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "description": "The remote host is missing an update for the ", "modified": "2019-09-10T00:00:00", "published": "2019-09-04T00:00:00", "id": "OPENVAS:1361412562310844162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844162", "type": "openvas", "title": "Ubuntu Update for systemd USN-4120-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844162\");\n script_version(\"2019-09-10T07:33:37+0000\");\n script_cve_id(\"CVE-2019-15718\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-09-10 07:33:37 +0000 (Tue, 10 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-04 02:01:03 +0000 (Wed, 04 Sep 2019)\");\n script_name(\"Ubuntu Update for systemd USN-4120-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04)\");\n\n script_xref(name:\"USN\", value:\"4120-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005099.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the USN-4120-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the systemd-resolved D-Bus interface did not\nenforce appropriate access controls. A local unprivileged user could\nexploit this to modify a system's DNS resolver settings.\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"systemd\", ver:\"237-3ubuntu10.28\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"systemd\", ver:\"240-6ubuntu5.6\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:39:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201054", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2020-1054)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1054\");\n script_version(\"2020-01-23T13:18:24+0000\");\n script_cve_id(\"CVE-2019-15718\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:18:24 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:18:24 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2020-1054)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1054\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1054\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'systemd' package(s) announced via the EulerOS-SA-2020-1054 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.(CVE-2019-15718)\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~239~3.h64.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-container\", rpm:\"systemd-container~239~3.h64.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~239~3.h64.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-journal-remote\", rpm:\"systemd-journal-remote~239~3.h64.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~239~3.h64.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-pam\", rpm:\"systemd-pam~239~3.h64.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-udev\", rpm:\"systemd-udev~239~3.h64.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-udev-compat\", rpm:\"systemd-udev-compat~239~3.h64.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:38:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192121", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-2121)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2121\");\n script_version(\"2020-01-23T12:35:12+0000\");\n script_cve_id(\"CVE-2019-15718\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:35:12 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:35:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-2121)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2121\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2121\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'systemd' package(s) announced via the EulerOS-SA-2019-2121 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.(CVE-2019-15718)\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~239~3.h59.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-container\", rpm:\"systemd-container~239~3.h59.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~239~3.h59.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-journal-remote\", rpm:\"systemd-journal-remote~239~3.h59.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~239~3.h59.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-pam\", rpm:\"systemd-pam~239~3.h59.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-udev\", rpm:\"systemd-udev~239~3.h59.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-udev-compat\", rpm:\"systemd-udev-compat~239~3.h59.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-09-10T14:48:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718", "CVE-2019-3843"], "description": "The remote host is missing an update for the ", "modified": "2019-09-10T00:00:00", "published": "2019-09-06T00:00:00", "id": "OPENVAS:1361412562310876755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876755", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2019-24e1d561e5", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876755\");\n script_version(\"2019-09-10T08:05:24+0000\");\n script_cve_id(\"CVE-2019-15718\", \"CVE-2019-3843\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-10 08:05:24 +0000 (Tue, 10 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-06 02:21:39 +0000 (Fri, 06 Sep 2019)\");\n script_name(\"Fedora Update for systemd FEDORA-2019-24e1d561e5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-24e1d561e5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2019-24e1d561e5 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd is a system and service manager that runs as PID 1 and starts\nthe rest of the system. It provides aggressive parallelization\ncapabilities, uses socket and D-Bus activation for starting services,\noffers on-demand starting of daemons, keeps track of processes using\nLinux control groups, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. systemd supports SysV and LSB init scripts and works as a\nreplacement for sysvinit. Other parts of this package are a logging daemon,\nutilities to control basic system configuration like the hostname,\ndate, locale, maintain a list of logged-in users, system accounts,\nruntime directories and settings, and daemons to manage simple network\nconfiguration, network time synchronization, log forwarding, and name\nresolution.\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~241~12.git1e19bcd.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-20T14:34:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15686", "CVE-2019-15718", "CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15687", "CVE-2019-6454", "CVE-2018-15688", "CVE-2018-16866"], "description": "The remote host is missing an update for the ", "modified": "2019-09-20T00:00:00", "published": "2019-09-19T00:00:00", "id": "OPENVAS:1361412562310876816", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876816", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2019-8a7dfdf1f3", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876816\");\n script_version(\"2019-09-20T05:25:28+0000\");\n script_cve_id(\"CVE-2019-15718\", \"CVE-2019-6454\", \"CVE-2018-16865\", \"CVE-2018-16864\", \"CVE-2018-16866\", \"CVE-2018-15687\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 05:25:28 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-19 02:31:03 +0000 (Thu, 19 Sep 2019)\");\n script_name(\"Fedora Update for systemd FEDORA-2019-8a7dfdf1f3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-8a7dfdf1f3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2019-8a7dfdf1f3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd is a system and service manager that runs as PID 1 and starts\nthe rest of the system. It provides aggressive parallelization\ncapabilities, uses socket and D-Bus activation for starting services,\noffers on-demand starting of daemons, keeps track of processes using\nLinux control groups, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. systemd supports SysV and LSB init scripts and works as a\nreplacement for sysvinit. Other parts of this package are a logging daemon,\nutilities to control basic system configuration like the hostname,\ndate, locale, maintain a list of logged-in users, system accounts,\nruntime directories and settings, and daemons to manage simple network\nconfiguration, network time synchronization, log forwarding, and name\nresolution.\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~239~14.git33ccd62.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15718"], "description": "Arch Linux Security Advisory ASA-201910-3\n=========================================\n\nSeverity: Medium\nDate : 2019-10-02\nCVE-ID : CVE-2019-15718\nPackage : systemd\nType : access restriction bypass\nRemote : No\nLink : https://security.archlinux.org/AVG-1035\n\nSummary\n=======\n\nThe package systemd before version 243.0-1 is vulnerable to access\nrestriction bypass.\n\nResolution\n==========\n\nUpgrade to 243.0-1.\n\n# pacman -Syu \"systemd>=243.0-1\"\n\nThe problem has been fixed upstream in version 243.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn improper authorization flaw was discovered in systemd-resolved\nbefore v234 in the way it configures the exposed DBus interface\norg.freedesktop.resolve1. An unprivileged local attacker could call all\nDBus methods, even when marked as privileged operations. An attacker\ncould abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC\nand other network link settings without any authorization, allowing\ncontrol of the network names resolution process and cause the system to\ncommunicate with wrong or malicious servers. Those operations should be\nperformed only by an high-privileged user.\n\nImpact\n======\n\nA local unprivileged attacker is able to change the DNS, Search Domain,\nLLMNR, DNSSEC and other network link settings without any\nauthorization, allowing control of the network names resolution process\nand cause the system to communicate with wrong or malicious servers.\n\nReferences\n==========\n\nhttps://www.openwall.com/lists/oss-security/2019/09/03/1\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1746057\nhttps://github.com/systemd/systemd/commit/d93d10c3d101a73fe70d24154fd744a48371f002\nhttps://github.com/systemd/systemd/pull/13457\nhttps://security.archlinux.org/CVE-2019-15718", "modified": "2019-10-02T00:00:00", "published": "2019-10-02T00:00:00", "id": "ASA-201910-3", "href": "https://security.archlinux.org/ASA-201910-3", "type": "archlinux", "title": "[ASA-201910-3] systemd: access restriction bypass", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-11-21T23:25:52", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15718"], "description": "[239-18.0.1]\n- fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792]\n- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]\n- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]\n- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]\n- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]\n[239-18]\n- shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857)\n- sd-bus: adjust indentation of comments (#1746857)\n- resolved: do not run loop twice (#1746857)\n- resolved: allow access to Set*Link and Revert methods through polkit (#1746857)\n- resolved: query polkit only after parsing the data (#1746857)\n[239-17]\n- mount: simplify /proc/self/mountinfo handler (#1696178)\n- mount: rescan /proc/self/mountinfo before processing waitid() results (#1696178)\n- swap: scan /proc/swaps before processing waitid() results (#1696178)\n- analyze-security: fix potential division by zero (#1734400)\n[239-16]\n- sd-bus: deal with cookie overruns (#1694999)\n- journal-remote: do not request Content-Length if Transfer-Encoding is chunked (#1708849)\n- journal: do not remove multiple spaces after identifier in syslog message (#1691817)\n- cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails. (#1719153)\n- cryptsetup: call crypt_load() for LUKS only once (#1719153)\n- cryptsetup: Add LUKS2 token support. (#1719153)\n- udev/scsi_id: fix incorrect page length when get device identification VPD page (#1713227)\n- Change job mode of manager triggered restarts to JOB_REPLACE (#11456\n- bash-completion: analyze: support 'security' (#1733395)\n- man: note that journal does not validate syslog fields (#1707175)\n- rules: skip memory hotplug on ppc64 (#1713159)\n[239-15]\n- tree-wide: shorten error logging a bit (#1697893)\n- nspawn: simplify machine terminate bus call (#1697893)\n- nspawn: merge two variable declaration lines (#1697893)\n- nspawn: rework how we allocate/kill scopes (#1697893)\n- unit: enqueue cgroup empty check event if the last ref on a unit is dropped (#1697893)\n- Revert 'journal: remove journal audit socket' (#1699287)\n- journal: dont enable systemd-journald-audit.socket by default (#1699287)\n- logs-show: use grey color for de-emphasizing journal log output (#1695601)\n- units: add [Install] section to tmp.mount (#1667065)\n- nss: do not modify errno when NSS_STATUS_NOTFOUND or NSS_STATUS_SUCCESS (#1691691)\n- util.h: add new UNPROTECT_ERRNO macro (#1691691)\n- nss: unportect errno before writing to NSS *errnop (#1691691)\n- seccomp: reduce logging about failure to add syscall to seccomp (#1658691)\n- format-table: when duplicating a cell, also copy the color (#1689832)\n- format-table: optionally make specific cells clickable links (#1689832)\n- format-table: before outputting a color, check if colors are available (#1689832)\n- format-table: add option to store/format percent and uint64_t values in cells (#1689832)\n- format-table: optionally allow reversing the sort order for a column (#1689832)\n- format-table: add table_update() to update existing entries (#1689832)\n- format-table: add an API for getting the cell at a specific row/column (#1689832)\n- format-table: always underline header line (#1689832)\n- format-table: add calls to query the data in a specific cell (#1689832)\n- format-table: make sure we never call memcmp() with NULL parameters (#1689832)\n- format-table: use right field for display (#1689832)\n- format-table: add option to uppercase cells on display (#1689832)\n- format-table: never try to reuse cells that have color/url/uppercase set (#1689832)\n- locale-util: add logic to output smiley emojis at various happiness levels (#1689832)\n- analyze: add new security verb (#1689832)\n- tests: add a rudimentary fuzzer for server_process_syslog_message (#9979) (#1696224)\n- journald: make it clear that dev_kmsg_record modifies the string passed to it (#1696224)\n- journald: free the allocated memory before returning from dev_kmsg_record (#1696224)\n- tests: rework the code fuzzing journald (#1696224)\n- journald: make server_process_native_message compatible with fuzz_journald_processing_function (#1696224)\n- tests: add a fuzzer for server_process_native_message (#1696224)\n- tests: add a fuzzer for sd-ndisc (#1696224)\n- ndisc: fix two infinite loops (#1696224)\n- tests: add reproducers for several issues uncovered with fuzz-journald-syslog (#1696224)\n- tests: add a reproducer for an infinite loop in ndisc_handle_datagram (#1696224)\n- tests: add a reproducer for another infinite loop in ndisc_handle_datagram (#1696224)\n- fuzz: rename 'fuzz-corpus' directory to just 'fuzz' (#1696224)\n- test: add testcase for issue 10007 by oss-fuzz (#1696224)\n- fuzz: unify the 'fuzz-regressions' directory with the main corpus (#1696224)\n- test-bus-marshal: use cescaping instead of hexmem (#1696224)\n- meson: add -Dlog-trace to set LOG_TRACE (#1696224)\n- meson: allow building resolved and machined without nss modules (#1696224)\n- meson: drop duplicated condition (#1696224)\n- meson: use .source_root() in more places (#1696224)\n- meson: treat all fuzz cases as unit tests (#1696224)\n- fuzz-bus-message: add fuzzer for message parsing (#1696224)\n- bus-message: use structured initialization to avoid use of unitialized memory (#1696224)\n- bus-message: avoid an infinite loop on empty structures (#1696224)\n- bus-message: lets always use -EBADMSG when the message is bad (#1696224)\n- bus-message: rename function for clarity (#1696224)\n- bus-message: use define (#1696224)\n- bus: do not print (null) if the message has unknown type (#1696224)\n- bus-message: fix calculation of offsets table (#1696224)\n- bus-message: remove duplicate assignment (#1696224)\n- bus-message: fix calculation of offsets table for arrays (#1696224)\n- bus-message: drop asserts in functions which are wrappers for varargs version (#1696224)\n- bus-message: output debug information about offset troubles (#1696224)\n- bus-message: fix skipping of array fields in !gvariant messages (#1696224)\n- bus-message: also properly copy struct signature when skipping (#1696224)\n- fuzz-bus-message: add two test cases that pass now (#1696224)\n- bus-message: return -EBADMSG not -EINVAL on invalid !gvariant messages (#1696224)\n- bus-message: avoid wrap-around when using length read from message (#1696224)\n- util: do not use stack frame for parsing arbitrary inputs (#1696224)\n- travis: enable ASan and UBSan on RHEL8 (#1683319)\n- tests: keep SYS_PTRACE when running under ASan (#1683319)\n- tree-wide: various ubsan zero size memory fixes (#1683319)\n- util: introduce memcmp_safe() (#1683319)\n- test-socket-util: avoid 'memleak' reported by valgrind (#1683319)\n- sd-journal: escape binary data in match_make_string() (#1683319)\n- capability: introduce CAP_TO_MASK_CORRECTED() macro replacing CAP_TO_MASK() (#1683319)\n- sd-bus: use size_t when dealing with memory offsets (#1683319)\n- sd-bus: call cap_last_cap() only once in has_cap() (#1683319)\n- mount-point: honour AT_SYMLINK_FOLLOW correctly (#1683319)\n- travis: switch from trusty to xenial (#1683319)\n- test-socket-util: Add tests for receive_fd_iov() and friends. (#1683319)\n- socket-util: Introduce send_one_fd_iov() and receive_one_fd_iov() (#1683319)\n- core: swap order of 'n_storage_fds' and 'n_socket_fds' parameters (#1683334)\n- execute: use our usual syntax for defining bit masks (#1683334)\n- core: introduce new Type=exec service type (#1683334)\n- man: document the new Type=exec type (#1683334)\n- sd-bus: allow connecting to the pseudo-container '.host' (#1683334)\n- sd-login: lets also make sd-login understand '.host' (#1683334)\n- test: add test for Type=exec (#1683334)\n- journal-gateway: explicitly declare local variables (#1705971)\n- tools: drop unused variable (#1705971)\n- journal-gateway: use localStorage['cursor'] only when it has valid value (#1705971)\n[239-14]\n- rules: implement new memory hotplug policy (#1670728)\n- rules: add the rule that adds elevator= kernel command line parameter (#1670126)\n- bus-socket: Fix line_begins() to accept word matching full string (#1692991)\n- Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1678641)\n- Allocate temporary strings to hold dbus paths on the heap (#1678641)\n- sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1678641)\n- Revert 'core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it (#1703485)", "edition": 1, "modified": "2019-11-14T00:00:00", "published": "2019-11-14T00:00:00", "id": "ELSA-2019-3592", "href": "http://linux.oracle.com/errata/ELSA-2019-3592.html", "title": "systemd security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15718"], "description": "It was discovered that the systemd-resolved D-Bus interface did not \nenforce appropriate access controls. A local unprivileged user could \nexploit this to modify a system's DNS resolver settings.", "edition": 3, "modified": "2019-09-03T00:00:00", "published": "2019-09-03T00:00:00", "id": "USN-4120-1", "href": "https://ubuntu.com/security/notices/USN-4120-1", "title": "systemd vulnerability", "type": "ubuntu", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "cloudfoundry": [{"lastseen": "2019-10-01T00:28:48", "bulletinFamily": "software", "cvelist": ["CVE-2019-15718"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system\u2019s DNS resolver settings.\n\nCVEs contained in this USN include: CVE-2019-15718\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.123.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.123.0 or later.\n\n## References\n\n * [USN-4120-1](<https://usn.ubuntu.com/4120-1>)\n * [CVE-2019-15718](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15718>)\n", "edition": 1, "modified": "2019-09-30T00:00:00", "published": "2019-09-30T00:00:00", "id": "CFOUNDRY:860FF24D1F832AE34A966FD256298C1E", "href": "https://www.cloudfoundry.org/blog/usn-4120-1/", "title": "USN-4120-1: systemd vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-10-01T00:30:20", "bulletinFamily": "software", "cvelist": ["CVE-2019-15718"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nUSN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system\u2019s DNS resolver settings.\n\nCVEs contained in this USN include: CVE-2019-15718\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.125.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.125.0 or later.\n\n## References\n\n * [USN-4120-2](<https://usn.ubuntu.com/4120-2>)\n * [CVE-2019-15718](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15718>)\n", "edition": 1, "modified": "2019-09-30T00:00:00", "published": "2019-09-30T00:00:00", "id": "CFOUNDRY:3A7A092EC0FB5C0D4211DE77DD6E9EC9", "href": "https://www.cloudfoundry.org/blog/usn-4120-2/", "title": "USN-4120-2: systemd regression | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-01T02:21:01", "description": " - Security issue: unprivileged users were allowed to\n change DNS servers configured in systemd-resolved\n (CVE-2019-15718).\n\n - Various minor fixes (memory issues, compat with newer\n kernels, log message improvements, etc.).\n\n - hwdb entries for keyboards are updated to the latest\n version\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 16, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-09-06T00:00:00", "title": "Fedora 30 : systemd (2019-24e1d561e5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:systemd"], "id": "FEDORA_2019-24E1D561E5.NASL", "href": "https://www.tenable.com/plugins/nessus/128535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-24e1d561e5.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128535);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-15718\");\n script_xref(name:\"FEDORA\", value:\"2019-24e1d561e5\");\n\n script_name(english:\"Fedora 30 : systemd (2019-24e1d561e5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security issue: unprivileged users were allowed to\n change DNS servers configured in systemd-resolved\n (CVE-2019-15718).\n\n - Various minor fixes (memory issues, compat with newer\n kernels, log message improvements, etc.).\n\n - hwdb entries for keyboards are updated to the latest\n version\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-24e1d561e5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"systemd-241-12.git1e19bcd.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T02:24:57", "description": " - Security issue: unprivileged users were allowed to\n change DNS servers configured in systemd-resolved\n (CVE-2019-15718)\n\n - hwdb entries for keyboards are updated to the latest\n version (#1725717)\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-09-19T00:00:00", "title": "Fedora 29 : systemd (2019-8a7dfdf1f3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:systemd"], "id": "FEDORA_2019-8A7DFDF1F3.NASL", "href": "https://www.tenable.com/plugins/nessus/129030", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-8a7dfdf1f3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129030);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-15718\");\n script_xref(name:\"FEDORA\", value:\"2019-8a7dfdf1f3\");\n\n script_name(english:\"Fedora 29 : systemd (2019-8a7dfdf1f3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security issue: unprivileged users were allowed to\n change DNS servers configured in systemd-resolved\n (CVE-2019-15718)\n\n - hwdb entries for keyboards are updated to the latest\n version (#1725717)\n\nNo need to log out or reboot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-8a7dfdf1f3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"systemd-239-14.git33ccd62.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T05:20:21", "description": "An update for systemd is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe systemd packages contain systemd, a system and service manager for\nLinux, compatible with the SysV and LSB init scripts. It provides\naggressive parallelism capabilities, uses socket and D-Bus activation\nfor starting services, offers on-demand starting of daemons, and keeps\ntrack of processes using Linux cgroups. In addition, it supports\nsnapshotting and restoring of the system state, maintains mount and\nautomount points, and implements an elaborate transactional\ndependency-based service control logic. It can also work as a drop-in\nreplacement for sysvinit.\n\nSecurity Fix(es) :\n\n* systemd: systemd-resolved allows unprivileged users to configure DNS\n(CVE-2019-15718)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.", "edition": 16, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-11-06T00:00:00", "title": "RHEL 8 : systemd (RHSA-2019:3592)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:systemd-debugsource", "p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:systemd-tests-debuginfo", "p-cpe:/a:redhat:enterprise_linux:systemd-pam-debuginfo", "p-cpe:/a:redhat:enterprise_linux:systemd-tests", "p-cpe:/a:redhat:enterprise_linux:systemd-container-debuginfo", "p-cpe:/a:redhat:enterprise_linux:systemd-devel", "p-cpe:/a:redhat:enterprise_linux:systemd", "p-cpe:/a:redhat:enterprise_linux:systemd-pam", "p-cpe:/a:redhat:enterprise_linux:systemd-libs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:systemd-udev", "p-cpe:/a:redhat:enterprise_linux:systemd-udev-debuginfo", "p-cpe:/a:redhat:enterprise_linux:systemd-journal-remote", "p-cpe:/a:redhat:enterprise_linux:systemd-journal-remote-debuginfo", "p-cpe:/a:redhat:enterprise_linux:systemd-container", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:systemd-libs"], "id": "REDHAT-RHSA-2019-3592.NASL", "href": "https://www.tenable.com/plugins/nessus/130557", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3592. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130557);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2019-15718\");\n script_xref(name:\"RHSA\", value:\"2019:3592\");\n\n script_name(english:\"RHEL 8 : systemd (RHSA-2019:3592)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for systemd is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe systemd packages contain systemd, a system and service manager for\nLinux, compatible with the SysV and LSB init scripts. It provides\naggressive parallelism capabilities, uses socket and D-Bus activation\nfor starting services, offers on-demand starting of daemons, and keeps\ntrack of processes using Linux cgroups. In addition, it supports\nsnapshotting and restoring of the system state, maintains mount and\nautomount points, and implements an elaborate transactional\ndependency-based service control logic. It can also work as a drop-in\nreplacement for sysvinit.\n\nSecurity Fix(es) :\n\n* systemd: systemd-resolved allows unprivileged users to configure DNS\n(CVE-2019-15718)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?774148ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-15718\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-container-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-journal-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-journal-remote-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-pam-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-udev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3592\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-container-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-container-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-container-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-container-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-container-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-container-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-debugsource-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-debugsource-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-debugsource-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-devel-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-devel-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-devel-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-journal-remote-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-journal-remote-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-journal-remote-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-journal-remote-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-journal-remote-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-libs-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-libs-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-libs-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-libs-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-libs-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-libs-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-pam-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-pam-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-pam-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-pam-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-pam-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-tests-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-tests-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-tests-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-tests-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-tests-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-udev-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-udev-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"systemd-udev-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"systemd-udev-debuginfo-239-18.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"systemd-udev-debuginfo-239-18.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd / systemd-container / systemd-container-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T06:52:20", "description": "It was discovered that the systemd-resolved D-Bus interface did not\nenforce appropriate access controls. A local unprivileged user could\nexploit this to modify a system's DNS resolver settings.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-09-04T00:00:00", "title": "Ubuntu 18.04 LTS / 19.04 : systemd vulnerability (USN-4120-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "p-cpe:/a:canonical:ubuntu_linux:systemd"], "id": "UBUNTU_USN-4120-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128506", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4120-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128506);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-15718\");\n script_xref(name:\"USN\", value:\"4120-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 19.04 : systemd vulnerability (USN-4120-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the systemd-resolved D-Bus interface did not\nenforce appropriate access controls. A local unprivileged user could\nexploit this to modify a system's DNS resolver settings.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4120-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"systemd\", pkgver:\"237-3ubuntu10.28\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"systemd\", pkgver:\"240-6ubuntu5.6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T08:59:46", "description": "According to the version of the systemd packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - In systemd 240,\n bus_open_system_watch_bind_with_description in\n shared/bus-util.c (as used by systemd-resolved to\n connect to the system D-Bus instance), calls\n sd_bus_set_trusted, which disables access controls for\n incoming D-Bus messages. An unprivileged user can\n exploit this by executing D-Bus methods that should be\n restricted to privileged users, in order to change the\n system's DNS resolver settings.(CVE-2019-15718)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-11-12T00:00:00", "title": "EulerOS 2.0 SP8 : systemd (EulerOS-SA-2019-2121)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "modified": "2019-11-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-container", "p-cpe:/a:huawei:euleros:systemd-pam", "p-cpe:/a:huawei:euleros:systemd-journal-remote", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "p-cpe:/a:huawei:euleros:systemd-udev", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2121.NASL", "href": "https://www.tenable.com/plugins/nessus/130830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130830);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-15718\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : systemd (EulerOS-SA-2019-2121)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the systemd packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - In systemd 240,\n bus_open_system_watch_bind_with_description in\n shared/bus-util.c (as used by systemd-resolved to\n connect to the system D-Bus instance), calls\n sd_bus_set_trusted, which disables access controls for\n incoming D-Bus messages. An unprivileged user can\n exploit this by executing D-Bus methods that should be\n restricted to privileged users, in order to change the\n system's DNS resolver settings.(CVE-2019-15718)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2121\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c89d863\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-journal-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"systemd-239-3.h59.eulerosv2r8\",\n \"systemd-container-239-3.h59.eulerosv2r8\",\n \"systemd-devel-239-3.h59.eulerosv2r8\",\n \"systemd-journal-remote-239-3.h59.eulerosv2r8\",\n \"systemd-libs-239-3.h59.eulerosv2r8\",\n \"systemd-pam-239-3.h59.eulerosv2r8\",\n \"systemd-udev-239-3.h59.eulerosv2r8\",\n \"systemd-udev-compat-239-3.h59.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T09:01:56", "description": "According to the version of the systemd packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - In systemd 240,\n bus_open_system_watch_bind_with_description in\n shared/bus-util.c (as used by systemd-resolved to\n connect to the system D-Bus instance), calls\n sd_bus_set_trusted, which disables access controls for\n incoming D-Bus messages. An unprivileged user can\n exploit this by executing D-Bus methods that should be\n restricted to privileged users, in order to change the\n system's DNS resolver settings.(CVE-2019-15718)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-01-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : systemd (EulerOS-SA-2020-1054)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-15718"], "modified": "2020-01-13T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.5.0", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-container", "p-cpe:/a:huawei:euleros:systemd-pam", "p-cpe:/a:huawei:euleros:systemd-journal-remote", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "p-cpe:/a:huawei:euleros:systemd-udev"], "id": "EULEROS_SA-2020-1054.NASL", "href": "https://www.tenable.com/plugins/nessus/132808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132808);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-15718\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : systemd (EulerOS-SA-2020-1054)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the systemd packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - In systemd 240,\n bus_open_system_watch_bind_with_description in\n shared/bus-util.c (as used by systemd-resolved to\n connect to the system D-Bus instance), calls\n sd_bus_set_trusted, which disables access controls for\n incoming D-Bus messages. An unprivileged user can\n exploit this by executing D-Bus methods that should be\n restricted to privileged users, in order to change the\n system's DNS resolver settings.(CVE-2019-15718)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1054\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2efaf5ed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-journal-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"systemd-239-3.h64.eulerosv2r8\",\n \"systemd-container-239-3.h64.eulerosv2r8\",\n \"systemd-devel-239-3.h64.eulerosv2r8\",\n \"systemd-journal-remote-239-3.h64.eulerosv2r8\",\n \"systemd-libs-239-3.h64.eulerosv2r8\",\n \"systemd-pam-239-3.h64.eulerosv2r8\",\n \"systemd-udev-239-3.h64.eulerosv2r8\",\n \"systemd-udev-compat-239-3.h64.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-11-05T21:03:45", "bulletinFamily": "unix", "cvelist": ["CVE-2019-15718"], "description": "The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.\n\nSecurity Fix(es):\n\n* systemd: systemd-resolved allows unprivileged users to configure DNS (CVE-2019-15718)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "modified": "2019-11-06T00:46:42", "published": "2019-11-05T23:05:06", "id": "RHSA-2019:3592", "href": "https://access.redhat.com/errata/RHSA-2019:3592", "type": "redhat", "title": "(RHSA-2019:3592) Moderate: systemd security, bug fix, and enhancement update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-21T10:24:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12207", "CVE-2019-14287", "CVE-2019-15718"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS.\n\nSecurity Fix(es):\n\n* A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor.\n\nSystem software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses.\n\nSystem software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change. (CVE-2018-12207)\n\n* A flaw was found in the way sudo implemented running commands with an arbitrary user ID. If a sudoers entry is written to allow users to run a command as any user except root, this flaw can be used by an attacker to bypass that restriction. (CVE-2019-14287)\n\n* An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local user could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC, and other network link settings without any authorization, giving them control of the network names resolution process and causing the system to communicate with wrong or malicious servers. (CVE-2019-15718)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-11-21T14:53:53", "published": "2019-11-21T14:53:32", "id": "RHSA-2019:3941", "href": "https://access.redhat.com/errata/RHSA-2019:3941", "type": "redhat", "title": "(RHSA-2019:3941) Important: OpenShift Container Platform 4.1.24 machine-os-content-container security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-10-28T02:16:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0169", "CVE-2016-10739", "CVE-2018-14404", "CVE-2018-14498", "CVE-2018-16890", "CVE-2018-18074", "CVE-2018-18624", "CVE-2018-18751", "CVE-2018-19519", "CVE-2018-20060", "CVE-2018-20337", "CVE-2018-20483", "CVE-2018-20657", "CVE-2018-20852", "CVE-2018-9251", "CVE-2019-1010180", "CVE-2019-1010204", "CVE-2019-11070", "CVE-2019-11236", "CVE-2019-11324", "CVE-2019-11358", "CVE-2019-11459", "CVE-2019-12447", "CVE-2019-12448", "CVE-2019-12449", "CVE-2019-12450", "CVE-2019-12795", "CVE-2019-13232", "CVE-2019-13636", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-14822", "CVE-2019-14973", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2019-15718", "CVE-2019-15847", "CVE-2019-16056", "CVE-2019-16769", "CVE-2019-17451", "CVE-2019-18408", "CVE-2019-19126", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-3825", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-5094", "CVE-2019-5436", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-5953", "CVE-2019-6237", "CVE-2019-6251", "CVE-2019-6454", "CVE-2019-6706", "CVE-2019-7146", "CVE-2019-7149", "CVE-2019-7150", "CVE-2019-7664", "CVE-2019-7665", "CVE-2019-8457", "CVE-2019-8506", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8571", "CVE-2019-8583", "CVE-2019-8584", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8594", "CVE-2019-8595", "CVE-2019-8596", "CVE-2019-8597", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8608", "CVE-2019-8609", "CVE-2019-8610", "CVE-2019-8611", "CVE-2019-8615", "CVE-2019-8619", "CVE-2019-8622", "CVE-2019-8623", "CVE-2019-8666", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8675", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8679", "CVE-2019-8681", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8689", "CVE-2019-8690", "CVE-2019-8696", "CVE-2019-8726", "CVE-2019-8735", "CVE-2019-8768", "CVE-2020-10531", "CVE-2020-10715", "CVE-2020-10743", "CVE-2020-11008", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11110", "CVE-2020-12049", "CVE-2020-12052", "CVE-2020-12245", "CVE-2020-13822", "CVE-2020-14040", "CVE-2020-14336", "CVE-2020-15366", "CVE-2020-15719", "CVE-2020-1712", "CVE-2020-7013", "CVE-2020-7598", "CVE-2020-7662", "CVE-2020-8203", "CVE-2020-8559", "CVE-2020-9283"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard > Table Panel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url (CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-28T04:36:30", "published": "2020-10-27T18:57:54", "id": "RHSA-2020:4298", "href": "https://access.redhat.com/errata/RHSA-2020:4298", "type": "redhat", "title": "(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}