Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : networkd-dispatcher vulnerabilities (USN-5395-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5395-1 advisory. It was discovered that networkd-dispatcher incorrectly handled internal scripts. A local attacker could possibly use this issue t...

Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System

Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called "Nimbuspwn," the flaws "can be chained together to gain root privileges on...

CVE-2022-29800

A time-of-check-time-of-use TOCTOU race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes...

CVE-2022-29799

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory...

UBUNTU-CVE-2022-29800

A time-of-check-time-of-use TOCTOU race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes...

UBUNTU-CVE-2022-29799

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory...

PT-2022-2378 · Unknown +3 · Networkd-Dispatcher +3

Name of the Vulnerable Software and Affected Versions: networkd-dispatcher affected versions not specified Description: A flaw exists in networkd-dispatcher due to the lack of sanitization of functions by the OperationalState or the AdministrativeState, leading to a directory traversal attack. Th...

PT-2022-2377 · Unknown +3 · Networkd-Dispatcher +3

Name of the Vulnerable Software and Affected Versions: networkd-dispatcher affected versions not specified Description: A time-of-check-time-of-use TOCTOU race condition issue exists in networkd-dispatcher due to a synchronization error when using a shared resource. This allows an attacker to...

SUSE: Security Advisory (SUSE-SU-2018:3644-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:3767-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Out-of-Bounds write in systemd-networkd dhcpv6 option handling

...

Security update for systemd (important)

openSUSE Security Update: Security update for systemd Announcement ID: openSUSE-SU-2020:0208-1 Rating: important References: 1084671 1092920 1106383 1133495 1151377 1154256 1155207 1155574 1156213 1156482 1158485 1159814 1161436 1162108 Cross-References: CVE-2019-20386 CVE-2020-1712 Affected...

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2020:0335-1)

This update for systemd fixes the following issues : CVE-2020-1712 bscbsc1162108 Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentiall...

Huawei EulerOS: Security Advisory for NetworkManager (EulerOS-SA-2019-1322)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for NetworkManager (EulerOS-SA-2019-1119)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1060)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated systemd packages fix security vulnerability

Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users...

RHEL 7 : systemd (RHSA-2019:1502)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1502 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...

Fedora 30 : systemd (2019-3fa5db9e19)

Backport more patches : - shared/install: Preserve escape characters for escaped unit names https://github.com/coreos/bugs/issues/2569 - timedate: fix emitted value when ntp client is enabled/disabled 1696586 - udev: run programs in the specified order 1696784 - core: add...

EulerOS 2.0 SP3 : NetworkManager (EulerOS-SA-2019-1322)

According to the version of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Out-of-bounds heap write in systemd-networkd dhcpv6 option handling CVE-2018-15688 Note that Tenable Network Security has extracted the...