Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623111020210304HistoryJan 28, 2022 - 12:00 a.m.
Mageia: Security Advisory (MGASA-2021-0304)
2022-01-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
1
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
6.2 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
11.8%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2021.0304");
script_cve_id("CVE-2020-13776");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-06-19 14:12:26 +0000 (Fri, 19 Jun 2020)");
script_name("Mageia: Security Advisory (MGASA-2021-0304)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA7");
script_xref(name:"Advisory-ID", value:"MGASA-2021-0304");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2021-0304.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=27043");
script_xref(name:"URL", value:"https://access.redhat.com/errata/RHSA-2021:1611");
script_tag(name:"summary", value:"The remote host is missing an update for the 'systemd' package(s) announced via the MGASA-2021-0304 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A flaw was found in systemd, where it mishandles numerical usernames beginning
with decimal digits, or '0x' followed by hexadecimal digits. When the usernames
are used by systemd, for example in service units, an unexpected user may be
used instead. In some particular configurations, this flaw allows local
attackers to elevate their privileges (CVE-2020-13776).");
script_tag(name:"affected", value:"'systemd' package(s) on Mageia 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA7") {
if(!isnull(res = isrpmvuln(pkg:"lib64systemd0", rpm:"lib64systemd0~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64udev-devel", rpm:"lib64udev-devel~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64udev1", rpm:"lib64udev1~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsystemd0", rpm:"libsystemd0~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libudev-devel", rpm:"libudev-devel~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libudev1", rpm:"libudev1~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nss-myhostname", rpm:"nss-myhostname~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"systemd", rpm:"systemd~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"systemd-devel", rpm:"systemd-devel~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"systemd-tests", rpm:"systemd-tests~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"systemd-units", rpm:"systemd-units~241~8.6.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS Virtualization 2.9.0 : systemd (EulerOS-SA-2021-1738)
2021-04-15 00:00:00
EulerOS Virtualization 2.9.1 : systemd (EulerOS-SA-2021-1724)
2021-04-15 00:00:00
Photon OS 2.0: Systemd PHSA-2020-2.0-0252
2020-06-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package systemd version 1:243.9-alt1
2020-10-06 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2021-1724)
2021-04-13 00:00:00
Fedora: Security Advisory for systemd (FEDORA-2020-2faf839786)
2020-07-31 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2021-1738)
2021-04-13 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: systemd-245.7-1.fc32
2020-07-30 18:57:56
mageia
mageia
Updated systemd packages fix a security vulnerability
2021-07-01 02:58:41
redhatcve
redhatcve
CVE-2020-13776
2020-06-09 13:24:53
cbl_mariner
cbl_mariner
CVE-2020-13776 affecting package systemd 239-44
2020-11-30 19:30:44
oraclelinux
oraclelinux
systemd security, bug fix, and enhancement update
2021-05-25 00:00:00
redhat
redhat
osv
osv
CVE-2020-13776
2020-06-03 03:15:10
Moderate: systemd security, bug fix, and enhancement update
2021-05-18 05:39:12
rocky
rocky
systemd security, bug fix, and enhancement update
2021-05-18 05:39:12
almalinux
almalinux
Moderate: systemd security, bug fix, and enhancement update
2021-05-18 05:39:12
veracode
veracode
Privilege Escalation
2020-06-04 05:32:51
prion
prion
Buffer overflow
2020-06-03 03:15:00
cve
cve
CVE-2020-13776
2020-06-03 03:15:00
f5
f5
K04572666 : systemd vulnerability CVE-2020-13776
2020-07-02 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0252
2020-06-10 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0252
2020-06-10 00:00:00
Important Photon OS Security Update - PHSA-2020-0103
2020-06-12 00:00:00
broadcom
broadcom
debiancve
debiancve
CVE-2020-13776
2020-06-03 03:15:00
ubuntucve
ubuntucve
CVE-2020-13776
2020-06-03 00:00:00
amazon
amazon
Important: systemd
2022-09-30 07:04:00
kitploit
kitploit
rosalinux
rosalinux
Advisory ROSA-SA-2021-1982
2021-07-02 18:13:58
ibm
ibm
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
6.2 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
11.8%
Related for OPENVAS:13614125623111020210304