### Summary
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
### Tested Versions
Canonical Ubuntu 20.04 LTS
Systemd 245
### Product URLs
<https://freedesktop.org/wiki/Software/systemd/>
### CVSSv3 Score
6.1 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
### CWE
CWE-290 - Authentication Bypass by Spoofing
### Details
Systemd is a collection of utilities used in Linux systems to provide system management services. It runs as the first process and then starts the rest of the system services. It is meant as a replacement for sysvinit and has a range of different functionalities related to system management. It is used by default in some versions of Ubuntu.
A vulnerability exists in systemd’s DHCP client which allows an attacker on the same network to reconfigure the specified target device by forging FORCERENEW and DHCP ACK packets. This vulnerability could then be used to misconfigure the device’s network interface potentially resulting in a denial of service or possibly used in a man in the middle attack. This attack uses two weaknesses in systemd’s DHCP implementation.
When systemd first initializes the DHCP client, it assigns a Transaction ID (xid) to be used for future transactions [1]. This allows systemd to filter out DHCP response packets which do not match the Transaction ID. This Transaction ID is sent to the broadcast MAC address per DHCP specification. It does not appear to change.
Systemd also implements RFC 3203, DHCP reconfigure extension [2]. This allows a DHCP server to send a FORCERENEW packet to the DHCP client to transition the client from the BOUND state to the RENEWING state [3]. However, systemd does not implement authentication on the FORCERENEW packet per RFC 3203 section 6.1 [4].
While the systemd DHCP client is in the RENEWING state, the attacker can now forge DHCP ACK packets using the previously noted Transaction ID to reconfigure the networking properties of the target device.
Systemd’s DHCP client listens on port 68.
An attacker is able to reconfigure a target device running systemd’s DHCP client by performing the following steps:
1. Listening for broadcast Transaction IDs over the network
2. Forge a FORCERENEW packet to the target device running systemd.
3. Forge a series of DHCP ACK packets with the Transaction ID and arbitrary settings directed to the systemd DHCP client.
4. The target device will use the DHCP ACK response and configure itself accordingly.
5. If this attack fails due to timing, the attacker can repeat steps 2-4.
[1] https://github.com/systemd/systemd/blob/master/src/libsystemd-network/sd-dhcp-client.c#L1375 [2] https://github.com/systemd/systemd/blob/master/src/libsystemd-network/sd-dhcp-client.c#L1444 [3] https://github.com/systemd/systemd/blob/master/src/libsystemd-network/sd-dhcp-client.c#L1836-L1839 [4] https://github.com/systemd/systemd/commit/615c1467c81411bf1d19fd7092e8995b5ebadc13
### Timeline
2020-08-19 - Vendor Disclosure
2020-09-20 - Vendor acknowledged
2020-11-05 - 45 day follow up
2020-11-17 - 2nd follow up
2020-12-04 - Vendor advised issue planned for next release
2020-12-15 - Vendor advised issue will be treated as an RFE via a public issue
2021-03-22 - Final follow up with vendor
2021-04-26 - Public Release
{"id": "TALOS-2020-1142", "vendorId": null, "type": "talos", "bulletinFamily": "info", "title": "Systemd DHCP client denial-of-service vulnerability", "description": "### Summary\n\nAn exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.\n\n### Tested Versions\n\nCanonical Ubuntu 20.04 LTS \nSystemd 245\n\n### Product URLs\n\n<https://freedesktop.org/wiki/Software/systemd/>\n\n### CVSSv3 Score\n\n6.1 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\n\n### CWE\n\nCWE-290 - Authentication Bypass by Spoofing\n\n### Details\n\nSystemd is a collection of utilities used in Linux systems to provide system management services. It runs as the first process and then starts the rest of the system services. It is meant as a replacement for sysvinit and has a range of different functionalities related to system management. It is used by default in some versions of Ubuntu.\n\nA vulnerability exists in systemd\u2019s DHCP client which allows an attacker on the same network to reconfigure the specified target device by forging FORCERENEW and DHCP ACK packets. This vulnerability could then be used to misconfigure the device\u2019s network interface potentially resulting in a denial of service or possibly used in a man in the middle attack. This attack uses two weaknesses in systemd\u2019s DHCP implementation.\n\nWhen systemd first initializes the DHCP client, it assigns a Transaction ID (xid) to be used for future transactions [1]. This allows systemd to filter out DHCP response packets which do not match the Transaction ID. This Transaction ID is sent to the broadcast MAC address per DHCP specification. It does not appear to change.\n\nSystemd also implements RFC 3203, DHCP reconfigure extension [2]. This allows a DHCP server to send a FORCERENEW packet to the DHCP client to transition the client from the BOUND state to the RENEWING state [3]. However, systemd does not implement authentication on the FORCERENEW packet per RFC 3203 section 6.1 [4].\n\nWhile the systemd DHCP client is in the RENEWING state, the attacker can now forge DHCP ACK packets using the previously noted Transaction ID to reconfigure the networking properties of the target device.\n\nSystemd\u2019s DHCP client listens on port 68.\n\nAn attacker is able to reconfigure a target device running systemd\u2019s DHCP client by performing the following steps:\n\n 1. Listening for broadcast Transaction IDs over the network\n 2. Forge a FORCERENEW packet to the target device running systemd.\n 3. Forge a series of DHCP ACK packets with the Transaction ID and arbitrary settings directed to the systemd DHCP client.\n 4. The target device will use the DHCP ACK response and configure itself accordingly.\n 5. If this attack fails due to timing, the attacker can repeat steps 2-4.\n\n[1] https://github.com/systemd/systemd/blob/master/src/libsystemd-network/sd-dhcp-client.c#L1375 [2] https://github.com/systemd/systemd/blob/master/src/libsystemd-network/sd-dhcp-client.c#L1444 [3] https://github.com/systemd/systemd/blob/master/src/libsystemd-network/sd-dhcp-client.c#L1836-L1839 [4] https://github.com/systemd/systemd/commit/615c1467c81411bf1d19fd7092e8995b5ebadc13\n\n### Timeline\n\n2020-08-19 - Vendor Disclosure \n2020-09-20 - Vendor acknowledged \n2020-11-05 - 45 day follow up \n2020-11-17 - 2nd follow up \n2020-12-04 - Vendor advised issue planned for next release \n2020-12-15 - Vendor advised issue will be treated as an RFE via a public issue \n2021-03-22 - Final follow up with vendor \n2021-04-26 - Public Release\n", "published": "2021-04-26T00:00:00", "modified": "2021-04-26T00:00:00", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.0}, "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1142", "reporter": "Talos Intelligence", "references": [], "cvelist": ["CVE-2020-13529"], "immutableFields": [], "lastseen": "2022-01-26T11:42:23", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4361"]}, {"type": "altlinux", "idList": ["7893C3BA8753F8F069C206E48D526B57"]}, {"type": "archlinux", "idList": ["ASA-202107-29"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:EA2FC96380AC5696218F1535F35D2590"]}, {"type": "cve", "idList": ["CVE-2020-13529"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-13529"]}, {"type": "fedora", "idList": ["FEDORA:876413072EA9"]}, {"type": "gentoo", "idList": ["GLSA-202107-48"]}, {"type": "kitploit", "idList": ["KITPLOIT:2401425074991132396"]}, {"type": "mageia", "idList": ["MGASA-2021-0365"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2021-4361.NASL", "CENTOS8_RHSA-2021-4361.NASL", "EULEROS_SA-2021-2647.NASL", "EULEROS_SA-2021-2665.NASL", "EULEROS_SA-2021-2676.NASL", "EULEROS_SA-2021-2700.NASL", "EULEROS_SA-2021-2725.NASL", "EULEROS_SA-2021-2752.NASL", "EULEROS_SA-2021-2778.NASL", "EULEROS_SA-2021-2821.NASL", "EULEROS_SA-2021-2824.NASL", "EULEROS_SA-2021-2862.NASL", "EULEROS_SA-2021-2863.NASL", "EULEROS_SA-2022-1098.NASL", "EULEROS_SA-2022-1107.NASL", "EULEROS_SA-2022-1149.NASL", "EULEROS_SA-2022-1178.NASL", "EULEROS_SA-2022-1192.NASL", "GENTOO_GLSA-202107-48.NASL", "NEWSTART_CGSL_NS-SA-2022-0070_NETWORKMANAGER.NASL", "NEWSTART_CGSL_NS-SA-2022-0072_NETWORKMANAGER.NASL", "OPENSUSE-2021-2809.NASL", "ORACLELINUX_ELSA-2021-4361.NASL", "PHOTONOS_PHSA-2021-1_0-0416_SYSTEMD.NASL", "PHOTONOS_PHSA-2021-2_0-0373_SYSTEMD.NASL", "PHOTONOS_PHSA-2021-3_0-0272_SYSTEMD.NASL", "REDHAT-RHSA-2021-4361.NASL", "SUSE_SU-2021-2809-1.NASL", "UBUNTU_USN-5013-1.NASL", "UBUNTU_USN-5013-2.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4361"]}, {"type": "photon", "idList": ["PHSA-2021-0066", "PHSA-2021-0272", "PHSA-2021-0373", "PHSA-2021-1.0-0416", "PHSA-2021-2.0-0373", "PHSA-2021-3.0-0272"]}, {"type": "redhat", "idList": ["RHSA-2021:4361"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-13529"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2809-1"]}, {"type": "ubuntu", "idList": ["USN-5013-1", "USN-5013-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-13529"]}, {"type": "veracode", "idList": ["VERACODE:31579"]}]}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4361"]}, {"type": "archlinux", "idList": ["ASA-202107-29"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:EA2FC96380AC5696218F1535F35D2590"]}, {"type": "cve", "idList": ["CVE-2020-13529"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-13529"]}, {"type": "fedora", "idList": ["FEDORA:876413072EA9"]}, {"type": "gentoo", "idList": ["GLSA-202107-48"]}, {"type": "kitploit", "idList": ["KITPLOIT:2401425074991132396"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-4361.NASL", "EULEROS_SA-2021-2665.NASL", "EULEROS_SA-2021-2676.NASL", "EULEROS_SA-2021-2700.NASL", "EULEROS_SA-2021-2752.NASL", "EULEROS_SA-2021-2778.NASL", "ORACLELINUX_ELSA-2021-4361.NASL", "PHOTONOS_PHSA-2021-1_0-0416_SYSTEMD.NASL", "PHOTONOS_PHSA-2021-2_0-0373_SYSTEMD.NASL", "PHOTONOS_PHSA-2021-3_0-0272_SYSTEMD.NASL", "UBUNTU_USN-5013-1.NASL", "UBUNTU_USN-5013-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201142"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4361"]}, {"type": "photon", "idList": ["PHSA-2021-1.0-0416", "PHSA-2021-2.0-0373", "PHSA-2021-3.0-0272"]}, {"type": "redhat", "idList": ["RHSA-2021:4361"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-13529"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2809-1"]}, {"type": "ubuntu", "idList": ["USN-5013-1", "USN-5013-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-13529"]}]}, "exploitation": null, "vulnersScore": 0.7}, "_state": {"dependencies": 1660032824, "score": 1659955861}, "_internal": {"score_hash": "e306ea02f092cf25c809286e6801e140"}}
{"nessus": [{"lastseen": "2022-10-09T15:10:58", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-02-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : systemd (EulerOS-SA-2022-1149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-02-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:libgudev1-devel", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-sysv", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2022-1149.NASL", "href": "https://www.tenable.com/plugins/nessus/158015", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158015);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/13\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : systemd (EulerOS-SA-2022-1149)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1149\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bd6b784a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libgudev1-219-62.5.h127.eulerosv2r7\",\n \"libgudev1-devel-219-62.5.h127.eulerosv2r7\",\n \"systemd-219-62.5.h127.eulerosv2r7\",\n \"systemd-devel-219-62.5.h127.eulerosv2r7\",\n \"systemd-libs-219-62.5.h127.eulerosv2r7\",\n \"systemd-python-219-62.5.h127.eulerosv2r7\",\n \"systemd-sysv-219-62.5.h127.eulerosv2r7\",\n \"systemd-udev-compat-219-62.5.h127.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:16:55", "description": "An update of the systemd package has been released.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Systemd PHSA-2021-1.0-0416", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-07-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:systemd", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0416_SYSTEMD.NASL", "href": "https://www.tenable.com/plugins/nessus/152051", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0416. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152051);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"Photon OS 1.0: Systemd PHSA-2021-1.0-0416\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the systemd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-416.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'systemd-228-62.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'systemd');\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:17:16", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has NetworkManager packages installed that are affected by a vulnerability:\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : NetworkManager Vulnerability (NS-SA-2022-0072)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:NetworkManager", "p-cpe:/a:zte:cgsl_main:NetworkManager-adsl", "p-cpe:/a:zte:cgsl_main:NetworkManager-adsl-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-bluetooth", "p-cpe:/a:zte:cgsl_main:NetworkManager-bluetooth-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-cloud-setup", "p-cpe:/a:zte:cgsl_main:NetworkManager-cloud-setup-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-config-connectivity-redhat", "p-cpe:/a:zte:cgsl_main:NetworkManager-config-server", "p-cpe:/a:zte:cgsl_main:NetworkManager-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-debugsource", "p-cpe:/a:zte:cgsl_main:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:zte:cgsl_main:NetworkManager-libnm", "p-cpe:/a:zte:cgsl_main:NetworkManager-libnm-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-libnm-devel", "p-cpe:/a:zte:cgsl_main:NetworkManager-ovs", "p-cpe:/a:zte:cgsl_main:NetworkManager-ovs-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-ppp", "p-cpe:/a:zte:cgsl_main:NetworkManager-ppp-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-team", "p-cpe:/a:zte:cgsl_main:NetworkManager-team-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-tui", "p-cpe:/a:zte:cgsl_main:NetworkManager-tui-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-wifi", "p-cpe:/a:zte:cgsl_main:NetworkManager-wifi-debuginfo", "p-cpe:/a:zte:cgsl_main:NetworkManager-wwan", "p-cpe:/a:zte:cgsl_main:NetworkManager-wwan-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0072_NETWORKMANAGER.NASL", "href": "https://www.tenable.com/plugins/nessus/160819", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0072. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160819);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : NetworkManager Vulnerability (NS-SA-2022-0072)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has NetworkManager packages installed that are affected by a\nvulnerability:\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0072\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-13529\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL NetworkManager packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-adsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-bluetooth-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-cloud-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-cloud-setup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-config-connectivity-redhat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-libnm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-ovs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-ppp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-team-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-tui-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-wifi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-wwan-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'NetworkManager-1.32.10-4.el8',\n 'NetworkManager-adsl-1.32.10-4.el8',\n 'NetworkManager-adsl-debuginfo-1.32.10-4.el8',\n 'NetworkManager-bluetooth-1.32.10-4.el8',\n 'NetworkManager-bluetooth-debuginfo-1.32.10-4.el8',\n 'NetworkManager-cloud-setup-1.32.10-4.el8',\n 'NetworkManager-cloud-setup-debuginfo-1.32.10-4.el8',\n 'NetworkManager-config-connectivity-redhat-1.32.10-4.el8',\n 'NetworkManager-config-server-1.32.10-4.el8',\n 'NetworkManager-debuginfo-1.32.10-4.el8',\n 'NetworkManager-debugsource-1.32.10-4.el8',\n 'NetworkManager-dispatcher-routing-rules-1.32.10-4.el8',\n 'NetworkManager-libnm-1.32.10-4.el8',\n 'NetworkManager-libnm-debuginfo-1.32.10-4.el8',\n 'NetworkManager-libnm-devel-1.32.10-4.el8',\n 'NetworkManager-ovs-1.32.10-4.el8',\n 'NetworkManager-ovs-debuginfo-1.32.10-4.el8',\n 'NetworkManager-ppp-1.32.10-4.el8',\n 'NetworkManager-ppp-debuginfo-1.32.10-4.el8',\n 'NetworkManager-team-1.32.10-4.el8',\n 'NetworkManager-team-debuginfo-1.32.10-4.el8',\n 'NetworkManager-tui-1.32.10-4.el8',\n 'NetworkManager-tui-debuginfo-1.32.10-4.el8',\n 'NetworkManager-wifi-1.32.10-4.el8',\n 'NetworkManager-wifi-debuginfo-1.32.10-4.el8',\n 'NetworkManager-wwan-1.32.10-4.el8',\n 'NetworkManager-wwan-debuginfo-1.32.10-4.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'NetworkManager');\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:17:34", "description": "An update of the systemd package has been released.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-07-26T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Systemd PHSA-2021-2.0-0373", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-07-26T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:systemd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0373_SYSTEMD.NASL", "href": "https://www.tenable.com/plugins/nessus/152085", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0373. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152085);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"Photon OS 2.0: Systemd PHSA-2021-2.0-0373\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the systemd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-373.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'systemd-233-31.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'systemd-devel-233-31.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'systemd-lang-233-31.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'systemd');\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:17:34", "description": "An update of the systemd package has been released.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Systemd PHSA-2021-3.0-0272", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-07-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:systemd", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0272_SYSTEMD.NASL", "href": "https://www.tenable.com/plugins/nessus/152054", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0272. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152054);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"Photon OS 3.0: Systemd PHSA-2021-3.0-0272\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the systemd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-272.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'systemd-239-34.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'systemd-devel-239-34.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'systemd-lang-239-34.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'systemd');\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:10:30", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4361 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : NetworkManager (ALSA-2021:4361)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:NetworkManager", "p-cpe:/a:alma:linux:NetworkManager-adsl", "p-cpe:/a:alma:linux:NetworkManager-bluetooth", "p-cpe:/a:alma:linux:NetworkManager-cloud-setup", "p-cpe:/a:alma:linux:NetworkManager-config-connectivity-redhat", "p-cpe:/a:alma:linux:NetworkManager-config-server", "p-cpe:/a:alma:linux:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:alma:linux:NetworkManager-libnm", "p-cpe:/a:alma:linux:NetworkManager-libnm-devel", "p-cpe:/a:alma:linux:NetworkManager-ovs", "p-cpe:/a:alma:linux:NetworkManager-ppp", "p-cpe:/a:alma:linux:NetworkManager-team", "p-cpe:/a:alma:linux:NetworkManager-tui", "p-cpe:/a:alma:linux:NetworkManager-wifi", "p-cpe:/a:alma:linux:NetworkManager-wwan", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4361.NASL", "href": "https://www.tenable.com/plugins/nessus/157568", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4361.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157568);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2020-13529\");\n script_xref(name:\"ALSA\", value:\"2021:4361\");\n\n script_name(english:\"AlmaLinux 8 : NetworkManager (ALSA-2021:4361)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2021:4361 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4361.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-cloud-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-config-connectivity-redhat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'NetworkManager-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-adsl-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-bluetooth-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-cloud-setup-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-config-connectivity-redhat-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-config-server-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-dispatcher-routing-rules-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-1.32.10-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-devel-1.32.10-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-devel-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ovs-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ppp-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-team-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-tui-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wifi-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wwan-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'NetworkManager / NetworkManager-adsl / NetworkManager-bluetooth / etc');\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:10:53", "description": "According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-02-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : systemd (EulerOS-SA-2022-1192)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-02-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:libgudev1-devel", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-sysv", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1192.NASL", "href": "https://www.tenable.com/plugins/nessus/158281", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158281);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/23\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS 2.0 SP3 : systemd (EulerOS-SA-2022-1192)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1192\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?efd061d3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libgudev1-219-30.6.h79\",\n \"libgudev1-devel-219-30.6.h79\",\n \"systemd-219-30.6.h79\",\n \"systemd-devel-219-30.6.h79\",\n \"systemd-libs-219-30.6.h79\",\n \"systemd-python-219-30.6.h79\",\n \"systemd-sysv-219-30.6.h79\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:09:28", "description": "According to the versions of the NetworkManager packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-02-12T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : NetworkManager (EulerOS-SA-2022-1107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-02-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:NetworkManager", "p-cpe:/a:huawei:euleros:NetworkManager-adsl", "p-cpe:/a:huawei:euleros:NetworkManager-bluetooth", "p-cpe:/a:huawei:euleros:NetworkManager-config-server", "p-cpe:/a:huawei:euleros:NetworkManager-glib", "p-cpe:/a:huawei:euleros:NetworkManager-libnm", "p-cpe:/a:huawei:euleros:NetworkManager-team", "p-cpe:/a:huawei:euleros:NetworkManager-tui", "p-cpe:/a:huawei:euleros:NetworkManager-wifi", "p-cpe:/a:huawei:euleros:NetworkManager-wwan", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2022-1107.NASL", "href": "https://www.tenable.com/plugins/nessus/157970", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157970);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/12\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : NetworkManager (EulerOS-SA-2022-1107)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the NetworkManager packages installed, the EulerOS Virtualization installation on the\nremote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1107\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ae954ad\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected NetworkManager packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"NetworkManager-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-adsl-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-bluetooth-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-config-server-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-glib-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-libnm-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-team-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-tui-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-wifi-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-wwan-1.10.2-16.h6.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:06:55", "description": "According to the versions of the NetworkManager packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : NetworkManager (EulerOS-SA-2021-2862)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:NetworkManager", "p-cpe:/a:huawei:euleros:NetworkManager-config-server", "p-cpe:/a:huawei:euleros:NetworkManager-glib", "p-cpe:/a:huawei:euleros:NetworkManager-libnm", "p-cpe:/a:huawei:euleros:NetworkManager-team", "p-cpe:/a:huawei:euleros:NetworkManager-tui", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-2862.NASL", "href": "https://www.tenable.com/plugins/nessus/156533", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156533);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/06\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : NetworkManager (EulerOS-SA-2021-2862)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the NetworkManager packages installed, the EulerOS Virtualization installation on the\nremote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2862\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?337dcbb7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected NetworkManager packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"NetworkManager-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-config-server-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-glib-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-libnm-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-team-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-tui-1.10.2-16.h6.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:07:39", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : systemd (EulerOS-SA-2021-2863)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-sysv", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-2863.NASL", "href": "https://www.tenable.com/plugins/nessus/156529", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156529);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/06\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : systemd (EulerOS-SA-2021-2863)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2863\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2d84e349\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libgudev1-219-62.5.h127.eulerosv2r7\",\n \"systemd-219-62.5.h127.eulerosv2r7\",\n \"systemd-devel-219-62.5.h127.eulerosv2r7\",\n \"systemd-libs-219-62.5.h127.eulerosv2r7\",\n \"systemd-python-219-62.5.h127.eulerosv2r7\",\n \"systemd-sysv-219-62.5.h127.eulerosv2r7\",\n \"systemd-udev-compat-219-62.5.h127.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:23:39", "description": "According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : systemd (EulerOS-SA-2021-2676)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-11-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:libgudev1-devel", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-sysv", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2676.NASL", "href": "https://www.tenable.com/plugins/nessus/155265", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155265);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS 2.0 SP5 : systemd (EulerOS-SA-2021-2676)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2676\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a728e3cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libgudev1-219-62.5.h127.eulerosv2r7\",\n \"libgudev1-devel-219-62.5.h127.eulerosv2r7\",\n \"systemd-219-62.5.h127.eulerosv2r7\",\n \"systemd-devel-219-62.5.h127.eulerosv2r7\",\n \"systemd-libs-219-62.5.h127.eulerosv2r7\",\n \"systemd-python-219-62.5.h127.eulerosv2r7\",\n \"systemd-sysv-219-62.5.h127.eulerosv2r7\",\n \"systemd-udev-compat-219-62.5.h127.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:25:36", "description": "According to the versions of the NetworkManager packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-12-29T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.0 : NetworkManager (EulerOS-SA-2021-2821)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-12-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:NetworkManager", "p-cpe:/a:huawei:euleros:NetworkManager-config-server", "p-cpe:/a:huawei:euleros:NetworkManager-glib", "p-cpe:/a:huawei:euleros:NetworkManager-libnm", "p-cpe:/a:huawei:euleros:NetworkManager-team", "p-cpe:/a:huawei:euleros:NetworkManager-tui", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2821.NASL", "href": "https://www.tenable.com/plugins/nessus/156350", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156350);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/29\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.0 : NetworkManager (EulerOS-SA-2021-2821)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the NetworkManager packages installed, the EulerOS Virtualization installation on the\nremote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2821\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afcfa117\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected NetworkManager packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"NetworkManager-1.10.2-16.h6\",\n \"NetworkManager-config-server-1.10.2-16.h6\",\n \"NetworkManager-glib-1.10.2-16.h6\",\n \"NetworkManager-libnm-1.10.2-16.h6\",\n \"NetworkManager-team-1.10.2-16.h6\",\n \"NetworkManager-tui-1.10.2-16.h6\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:24:31", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4361 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : NetworkManager (ELSA-2021-4361)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-11-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:NetworkManager", "p-cpe:/a:oracle:linux:NetworkManager-adsl", "p-cpe:/a:oracle:linux:NetworkManager-bluetooth", "p-cpe:/a:oracle:linux:NetworkManager-cloud-setup", "p-cpe:/a:oracle:linux:NetworkManager-config-connectivity-oracle", "p-cpe:/a:oracle:linux:NetworkManager-config-server", "p-cpe:/a:oracle:linux:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:oracle:linux:NetworkManager-libnm", "p-cpe:/a:oracle:linux:NetworkManager-libnm-devel", "p-cpe:/a:oracle:linux:NetworkManager-ovs", "p-cpe:/a:oracle:linux:NetworkManager-ppp", "p-cpe:/a:oracle:linux:NetworkManager-team", "p-cpe:/a:oracle:linux:NetworkManager-tui", "p-cpe:/a:oracle:linux:NetworkManager-wifi", "p-cpe:/a:oracle:linux:NetworkManager-wwan"], "id": "ORACLELINUX_ELSA-2021-4361.NASL", "href": "https://www.tenable.com/plugins/nessus/155424", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4361.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155424);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/17\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"Oracle Linux 8 : NetworkManager (ELSA-2021-4361)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-4361 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4361.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-cloud-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-config-connectivity-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-wwan\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'NetworkManager-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-adsl-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-adsl-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-bluetooth-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-bluetooth-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-cloud-setup-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-cloud-setup-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-config-connectivity-oracle-1.32.10-4.0.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-config-server-1.32.10-4.0.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-dispatcher-routing-rules-1.32.10-4.0.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-1.32.10-4.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-devel-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-devel-1.32.10-4.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-devel-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ovs-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ovs-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ppp-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ppp-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-team-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-team-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-tui-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-tui-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wifi-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wifi-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wwan-1.32.10-4.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wwan-1.32.10-4.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'NetworkManager / NetworkManager-adsl / NetworkManager-bluetooth / etc');\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:24:13", "description": "According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : systemd (EulerOS-SA-2021-2647)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-11-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-container", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-journal-remote", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-pam", "p-cpe:/a:huawei:euleros:systemd-udev", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2647.NASL", "href": "https://www.tenable.com/plugins/nessus/154797", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154797);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/02\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS 2.0 SP8 : systemd (EulerOS-SA-2021-2647)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2647\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d47d1c5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-journal-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"systemd-239-3.h121.eulerosv2r8\",\n \"systemd-container-239-3.h121.eulerosv2r8\",\n \"systemd-devel-239-3.h121.eulerosv2r8\",\n \"systemd-journal-remote-239-3.h121.eulerosv2r8\",\n \"systemd-libs-239-3.h121.eulerosv2r8\",\n \"systemd-pam-239-3.h121.eulerosv2r8\",\n \"systemd-udev-239-3.h121.eulerosv2r8\",\n \"systemd-udev-compat-239-3.h121.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:23:41", "description": "According to the versions of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : NetworkManager (EulerOS-SA-2021-2665)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-11-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:NetworkManager", "p-cpe:/a:huawei:euleros:NetworkManager-adsl", "p-cpe:/a:huawei:euleros:NetworkManager-bluetooth", "p-cpe:/a:huawei:euleros:NetworkManager-config-server", "p-cpe:/a:huawei:euleros:NetworkManager-glib", "p-cpe:/a:huawei:euleros:NetworkManager-libnm", "p-cpe:/a:huawei:euleros:NetworkManager-team", "p-cpe:/a:huawei:euleros:NetworkManager-tui", "p-cpe:/a:huawei:euleros:NetworkManager-wifi", "p-cpe:/a:huawei:euleros:NetworkManager-wwan", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2665.NASL", "href": "https://www.tenable.com/plugins/nessus/155279", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155279);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS 2.0 SP5 : NetworkManager (EulerOS-SA-2021-2665)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the NetworkManager packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2665\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77833d2c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected NetworkManager packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"NetworkManager-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-adsl-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-bluetooth-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-config-server-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-glib-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-libnm-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-team-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-tui-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-wifi-1.10.2-16.h6.eulerosv2r7\",\n \"NetworkManager-wwan-1.10.2-16.h6.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:23:57", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4361 advisory.\n\n - systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : NetworkManager (RHSA-2021:4361)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-09-22T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:NetworkManager", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-adsl", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-bluetooth", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-cloud-setup", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-config-connectivity-redhat", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-config-server", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-libnm", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-libnm-devel", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-ovs", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-ppp", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-team", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-tui", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-wifi", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-wwan"], "id": "REDHAT-RHSA-2021-4361.NASL", "href": "https://www.tenable.com/plugins/nessus/155100", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4361. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155100);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/22\");\n\n script_cve_id(\"CVE-2020-13529\");\n script_xref(name:\"RHSA\", value:\"2021:4361\");\n\n script_name(english:\"RHEL 8 : NetworkManager (RHSA-2021:4361)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:4361 advisory.\n\n - systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have\n its network reconfigured (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1959397\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(306);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-cloud-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-config-connectivity-redhat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-wwan\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_6_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_6'\n ],\n 'rhel_aus_8_6_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_6'\n ],\n 'rhel_e4s_8_6_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_6'\n ],\n 'rhel_e4s_8_6_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_6'\n ],\n 'rhel_e4s_8_6_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_6'\n ],\n 'rhel_e4s_8_6_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_6'\n ],\n 'rhel_e4s_8_6_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_6'\n ],\n 'rhel_eus_8_6_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_6',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_6',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_6_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_6',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_6',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_6_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_6',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_6',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_6',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_6',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_6',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_6',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_6',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_6',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_6'\n ],\n 'rhel_eus_8_6_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_6',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_6',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_6_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_6',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_6'\n ],\n 'rhel_eus_8_6_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_6',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_6'\n ],\n 'rhel_eus_8_6_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_6'\n ],\n 'rhel_eus_8_6_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_6',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_6',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_6'\n ],\n 'rhel_tus_8_6_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_6'\n ],\n 'rhel_tus_8_6_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_6'\n ],\n 'rhel_tus_8_6_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_6'\n ],\n 'rhel_tus_8_6_realtime': [\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms__8_DOT_6',\n 'rhel-8-for-x86_64-rt-tus-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms__8_DOT_6'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\nvar repos_found = !(isnull(repo_sets) || isnull(max_index(keys(repo_sets))));\n\nvar constraints = [\n {\n 'repo_list': ['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary'],\n 'pkgs': [\n {'reference':'NetworkManager-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-adsl-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-bluetooth-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-cloud-setup-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-config-connectivity-redhat-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-config-server-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-dispatcher-routing-rules-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-devel-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ovs-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ppp-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-team-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-tui-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wifi-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wwan-1.32.10-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_list': ['rhel_aus_8_6_appstream', 'rhel_aus_8_6_baseos', 'rhel_e4s_8_6_appstream', 'rhel_e4s_8_6_baseos', 'rhel_e4s_8_6_highavailability', 'rhel_e4s_8_6_sap', 'rhel_e4s_8_6_sap_hana', 'rhel_eus_8_6_appstream', 'rhel_eus_8_6_baseos', 'rhel_eus_8_6_crb', 'rhel_eus_8_6_highavailability', 'rhel_eus_8_6_resilientstorage', 'rhel_eus_8_6_sap', 'rhel_eus_8_6_sap_hana', 'rhel_eus_8_6_supplementary', 'rhel_tus_8_6_appstream', 'rhel_tus_8_6_baseos', 'rhel_tus_8_6_highavailability', 'rhel_tus_8_6_realtime'],\n 'pkgs': [\n {'reference':'NetworkManager-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-adsl-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-bluetooth-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-cloud-setup-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-config-connectivity-redhat-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-config-server-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-dispatcher-routing-rules-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-libnm-devel-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ovs-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-ppp-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-team-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-tui-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wifi-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'NetworkManager-wwan-1.32.10-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_list = NULL;\n if (!empty_or_null(constraint_array['repo_list'])) repo_list = constraint_array['repo_list'];\n var enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_list);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n release &&\n rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) &&\n (repos_found || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'NetworkManager / NetworkManager-adsl / NetworkManager-bluetooth / etc');\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:25:35", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-12-29T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.0 : systemd (EulerOS-SA-2021-2824)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-12-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-networkd", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-resolved", "p-cpe:/a:huawei:euleros:systemd-sysv", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2824.NASL", "href": "https://www.tenable.com/plugins/nessus/156365", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156365);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/29\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.0 : systemd (EulerOS-SA-2021-2824)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2824\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a391dc7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libgudev1-219-62.5.h125\",\n \"systemd-219-62.5.h125\",\n \"systemd-libs-219-62.5.h125\",\n \"systemd-networkd-219-62.5.h125\",\n \"systemd-python-219-62.5.h125\",\n \"systemd-resolved-219-62.5.h125\",\n \"systemd-sysv-219-62.5.h125\",\n \"systemd-udev-compat-219-62.5.h125\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:16:19", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has NetworkManager packages installed that are affected by a vulnerability:\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : NetworkManager Vulnerability (NS-SA-2022-0070)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:NetworkManager", "p-cpe:/a:zte:cgsl_main:NetworkManager-libnm", "p-cpe:/a:zte:cgsl_main:NetworkManager-ovs", "p-cpe:/a:zte:cgsl_main:NetworkManager-team", "p-cpe:/a:zte:cgsl_main:NetworkManager-tui", "p-cpe:/a:zte:cgsl_main:NetworkManager-wifi", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0070_NETWORKMANAGER.NASL", "href": "https://www.tenable.com/plugins/nessus/160754", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0070. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160754);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : NetworkManager Vulnerability (NS-SA-2022-0070)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has NetworkManager packages installed that are affected by a\nvulnerability:\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0070\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-13529\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL NetworkManager packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'NetworkManager-1.32.10-4.el8',\n 'NetworkManager-libnm-1.32.10-4.el8',\n 'NetworkManager-ovs-1.32.10-4.el8',\n 'NetworkManager-team-1.32.10-4.el8',\n 'NetworkManager-tui-1.32.10-4.el8',\n 'NetworkManager-wifi-1.32.10-4.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'NetworkManager');\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:09:28", "description": "According to the versions of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-02-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : NetworkManager (EulerOS-SA-2022-1178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2022-02-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:NetworkManager", "p-cpe:/a:huawei:euleros:NetworkManager-adsl", "p-cpe:/a:huawei:euleros:NetworkManager-bluetooth", "p-cpe:/a:huawei:euleros:NetworkManager-config-server", "p-cpe:/a:huawei:euleros:NetworkManager-glib", "p-cpe:/a:huawei:euleros:NetworkManager-libnm", "p-cpe:/a:huawei:euleros:NetworkManager-team", "p-cpe:/a:huawei:euleros:NetworkManager-tui", "p-cpe:/a:huawei:euleros:NetworkManager-wifi", "p-cpe:/a:huawei:euleros:NetworkManager-wwan", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1178.NASL", "href": "https://www.tenable.com/plugins/nessus/158295", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158295);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/23\");\n\n script_cve_id(\"CVE-2020-13529\");\n\n script_name(english:\"EulerOS 2.0 SP3 : NetworkManager (EulerOS-SA-2022-1178)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the NetworkManager packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1178\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf503eab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected NetworkManager packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"NetworkManager-1.10.2-16.h10\",\n \"NetworkManager-adsl-1.10.2-16.h10\",\n \"NetworkManager-bluetooth-1.10.2-16.h10\",\n \"NetworkManager-config-server-1.10.2-16.h10\",\n \"NetworkManager-glib-1.10.2-16.h10\",\n \"NetworkManager-libnm-1.10.2-16.h10\",\n \"NetworkManager-team-1.10.2-16.h10\",\n \"NetworkManager-tui-1.10.2-16.h10\",\n \"NetworkManager-wifi-1.10.2-16.h10\",\n \"NetworkManager-wwan-1.10.2-16.h10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager\");\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:24:32", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4361 advisory.\n\n - systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-13T00:00:00", "type": "nessus", "title": "CentOS 8 : NetworkManager (CESA-2021:4361)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529"], "modified": "2021-11-13T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:NetworkManager", "p-cpe:/a:centos:centos:NetworkManager-adsl", "p-cpe:/a:centos:centos:NetworkManager-bluetooth", "p-cpe:/a:centos:centos:NetworkManager-cloud-setup", "p-cpe:/a:centos:centos:NetworkManager-config-connectivity-redhat", "p-cpe:/a:centos:centos:NetworkManager-config-server", "p-cpe:/a:centos:centos:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:centos:centos:NetworkManager-libnm", "p-cpe:/a:centos:centos:NetworkManager-libnm-devel", "p-cpe:/a:centos:centos:NetworkManager-ovs", "p-cpe:/a:centos:centos:NetworkManager-ppp", "p-cpe:/a:centos:centos:NetworkManager-team", "p-cpe:/a:centos:centos:NetworkManager-tui", "p-cpe:/a:centos:centos:NetworkManager-wifi", "p-cpe:/a:centos:centos:NetworkManager-wwan"], "id": "CENTOS8_RHSA-2021-4361.NASL", "href": "https://www.tenable.com/plugins/nessus/155343", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4361. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155343);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/13\");\n\n script_cve_id(\"CVE-2020-13529\");\n script_xref(name:\"RHSA\", value:\"2021:4361\");\n\n script_name(english:\"CentOS 8 : NetworkManager (CESA-2021:4361)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:4361 advisory.\n\n - systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have\n its network reconfigured (CVE-2020-13529)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4361\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-cloud-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-config-connectivity-redhat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-wwan\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'NetworkManager-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-adsl-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-adsl-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-bluetooth-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-bluetooth-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-cloud-setup-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-cloud-setup-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-config-connectivity-redhat-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-config-connectivity-redhat-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-config-server-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-config-server-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-dispatcher-routing-rules-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-dispatcher-routing-rules-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-libnm-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-libnm-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-libnm-devel-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-libnm-devel-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-ovs-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-ovs-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-ppp-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-ppp-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-team-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-team-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-tui-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-tui-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-wifi-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-wifi-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-wwan-1.32.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'NetworkManager-wwan-1.32.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'NetworkManager / NetworkManager-adsl / NetworkManager-bluetooth / etc');\n}\n", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-09T15:17:13", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5013-1 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. (CVE-2021-33910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : systemd vulnerabilities (USN-5013-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "cpe:/o:canonical:ubuntu_linux:21.04", "p-cpe:/a:canonical:ubuntu_linux:libnss-myhostname", "p-cpe:/a:canonical:ubuntu_linux:libnss-mymachines", "p-cpe:/a:canonical:ubuntu_linux:libnss-resolve", "p-cpe:/a:canonical:ubuntu_linux:libnss-systemd", "p-cpe:/a:canonical:ubuntu_linux:libpam-systemd", "p-cpe:/a:canonical:ubuntu_linux:libsystemd-dev", "p-cpe:/a:canonical:ubuntu_linux:libsystemd0", "p-cpe:/a:canonical:ubuntu_linux:libudev-dev", "p-cpe:/a:canonical:ubuntu_linux:libudev1", "p-cpe:/a:canonical:ubuntu_linux:libudev1-udeb", "p-cpe:/a:canonical:ubuntu_linux:systemd", "p-cpe:/a:canonical:ubuntu_linux:systemd-container", "p-cpe:/a:canonical:ubuntu_linux:systemd-coredump", "p-cpe:/a:canonical:ubuntu_linux:systemd-journal-remote", "p-cpe:/a:canonical:ubuntu_linux:systemd-sysv", "p-cpe:/a:canonical:ubuntu_linux:systemd-tests", "p-cpe:/a:canonical:ubuntu_linux:systemd-timesyncd", "p-cpe:/a:canonical:ubuntu_linux:udev", "p-cpe:/a:canonical:ubuntu_linux:udev-udeb"], "id": "UBUNTU_USN-5013-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151836", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5013-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151836);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"USN\", value:\"5013-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : systemd vulnerabilities (USN-5013-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5013-1 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value\n (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating\n system crash. (CVE-2021-33910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5013-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-myhostname\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-mymachines\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-resolve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsystemd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libudev-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libudev1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-coredump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-journal-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-timesyncd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:udev-udeb\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|20\\.10|21\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 20.10 / 21.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'libnss-myhostname', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'libnss-mymachines', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'libnss-resolve', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'libnss-systemd', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'libpam-systemd', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'libsystemd-dev', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'libsystemd0', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'libudev-dev', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'libudev1', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'libudev1-udeb', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'systemd', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'systemd-container', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'systemd-coredump', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'systemd-journal-remote', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'systemd-sysv', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'systemd-tests', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'udev', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '18.04', 'pkgname': 'udev-udeb', 'pkgver': '237-3ubuntu10.49'},\n {'osver': '20.04', 'pkgname': 'libnss-myhostname', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libnss-mymachines', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libnss-resolve', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libnss-systemd', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libpam-systemd', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libsystemd-dev', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libsystemd0', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libudev-dev', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libudev1', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libudev1-udeb', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'systemd', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'systemd-container', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'systemd-coredump', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'systemd-journal-remote', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'systemd-sysv', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'systemd-tests', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'systemd-timesyncd', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'udev', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'udev-udeb', 'pkgver': '245.4-4ubuntu3.10'},\n {'osver': '20.10', 'pkgname': 'libnss-myhostname', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'libnss-mymachines', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'libnss-resolve', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'libnss-systemd', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'libpam-systemd', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'libsystemd-dev', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'libsystemd0', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'libudev-dev', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'libudev1', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'libudev1-udeb', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'systemd', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'systemd-container', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'systemd-coredump', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'systemd-journal-remote', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'systemd-sysv', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'systemd-tests', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'systemd-timesyncd', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'udev', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '20.10', 'pkgname': 'udev-udeb', 'pkgver': '246.6-1ubuntu1.7'},\n {'osver': '21.04', 'pkgname': 'libnss-myhostname', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'libnss-mymachines', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'libnss-resolve', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'libnss-systemd', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'libpam-systemd', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'libsystemd-dev', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'libsystemd0', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'libudev-dev', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'libudev1', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'systemd', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'systemd-container', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'systemd-coredump', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'systemd-journal-remote', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'systemd-sysv', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'systemd-tests', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'systemd-timesyncd', 'pkgver': '247.3-3ubuntu3.4'},\n {'osver': '21.04', 'pkgname': 'udev', 'pkgver': '247.3-3ubuntu3.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libnss-myhostname / libnss-mymachines / libnss-resolve / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-09T15:18:13", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5013-2 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. (CVE-2021-33910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : systemd vulnerabilities (USN-5013-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libnss-myhostname", "p-cpe:/a:canonical:ubuntu_linux:libnss-mymachines", "p-cpe:/a:canonical:ubuntu_linux:libnss-resolve", "p-cpe:/a:canonical:ubuntu_linux:libpam-systemd", "p-cpe:/a:canonical:ubuntu_linux:libsystemd-dev", "p-cpe:/a:canonical:ubuntu_linux:libsystemd0", "p-cpe:/a:canonical:ubuntu_linux:libudev-dev", "p-cpe:/a:canonical:ubuntu_linux:libudev1", "p-cpe:/a:canonical:ubuntu_linux:libudev1-udeb", "p-cpe:/a:canonical:ubuntu_linux:systemd", "p-cpe:/a:canonical:ubuntu_linux:systemd-container", "p-cpe:/a:canonical:ubuntu_linux:systemd-coredump", "p-cpe:/a:canonical:ubuntu_linux:systemd-journal-remote", "p-cpe:/a:canonical:ubuntu_linux:systemd-sysv", "p-cpe:/a:canonical:ubuntu_linux:udev", "p-cpe:/a:canonical:ubuntu_linux:udev-udeb"], "id": "UBUNTU_USN-5013-2.NASL", "href": "https://www.tenable.com/plugins/nessus/151835", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5013-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151835);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"USN\", value:\"5013-2\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"Ubuntu 16.04 LTS : systemd vulnerabilities (USN-5013-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5013-2 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value\n (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating\n system crash. (CVE-2021-33910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5013-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-myhostname\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-mymachines\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-resolve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsystemd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libudev-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libudev1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-coredump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-journal-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:udev-udeb\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libnss-myhostname', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'libnss-mymachines', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'libnss-resolve', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'libpam-systemd', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'libsystemd-dev', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'libsystemd0', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'libudev-dev', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'libudev1', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'libudev1-udeb', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'systemd', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'systemd-container', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'systemd-coredump', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'systemd-journal-remote', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'systemd-sysv', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'udev', 'pkgver': '229-4ubuntu21.31+esm1'},\n {'osver': '16.04', 'pkgname': 'udev-udeb', 'pkgver': '229-4ubuntu21.31+esm1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libnss-myhostname / libnss-mymachines / libnss-resolve / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-09T15:19:08", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2809-1 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. (CVE-2021-33910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-08-24T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2021:2809-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libsystemd0", "p-cpe:/a:novell:suse_linux:libsystemd0-32bit", "p-cpe:/a:novell:suse_linux:libudev-devel", "p-cpe:/a:novell:suse_linux:libudev1", "p-cpe:/a:novell:suse_linux:libudev1-32bit", "p-cpe:/a:novell:suse_linux:systemd", "p-cpe:/a:novell:suse_linux:systemd-32bit", "p-cpe:/a:novell:suse_linux:systemd-container", "p-cpe:/a:novell:suse_linux:systemd-coredump", "p-cpe:/a:novell:suse_linux:systemd-devel", "p-cpe:/a:novell:suse_linux:systemd-doc", "p-cpe:/a:novell:suse_linux:systemd-journal-remote", "p-cpe:/a:novell:suse_linux:systemd-lang", "p-cpe:/a:novell:suse_linux:systemd-sysvinit", "p-cpe:/a:novell:suse_linux:udev", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2809-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152760", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2809-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152760);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2809-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2021:2809-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2809-1 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an\n Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that\n results in an operating system crash. (CVE-2021-33910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1166028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188063\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009328.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f4e60066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33910\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-coredump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-journal-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libsystemd0-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsystemd0-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsystemd0-32bit-246.15-7.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsystemd0-32bit-246.15-7.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libudev-devel-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libudev-devel-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libudev1-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libudev1-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libudev1-32bit-246.15-7.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libudev1-32bit-246.15-7.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-32bit-246.15-7.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-32bit-246.15-7.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-container-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-container-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-coredump-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-coredump-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-devel-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-devel-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-doc-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-doc-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-journal-remote-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-journal-remote-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-lang-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-lang-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-sysvinit-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'systemd-sysvinit-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'udev-246.15-7.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'udev-246.15-7.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsystemd0 / libsystemd0-32bit / libudev-devel / libudev1 / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-09T15:18:35", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2809-1 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. (CVE-2021-33910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-08-24T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : systemd (openSUSE-SU-2021:2809-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsystemd0", "p-cpe:/a:novell:opensuse:libsystemd0-32bit", "p-cpe:/a:novell:opensuse:libudev-devel", "p-cpe:/a:novell:opensuse:libudev-devel-32bit", "p-cpe:/a:novell:opensuse:libudev1", "p-cpe:/a:novell:opensuse:libudev1-32bit", "p-cpe:/a:novell:opensuse:nss-myhostname", "p-cpe:/a:novell:opensuse:nss-myhostname-32bit", "p-cpe:/a:novell:opensuse:nss-mymachines", "p-cpe:/a:novell:opensuse:nss-mymachines-32bit", "p-cpe:/a:novell:opensuse:nss-resolve", "p-cpe:/a:novell:opensuse:nss-systemd", "p-cpe:/a:novell:opensuse:systemd", "p-cpe:/a:novell:opensuse:systemd-32bit", "p-cpe:/a:novell:opensuse:systemd-container", "p-cpe:/a:novell:opensuse:systemd-coredump", "p-cpe:/a:novell:opensuse:systemd-devel", "p-cpe:/a:novell:opensuse:systemd-journal-remote", "p-cpe:/a:novell:opensuse:systemd-lang", "p-cpe:/a:novell:opensuse:systemd-logger", "p-cpe:/a:novell:opensuse:systemd-network", "p-cpe:/a:novell:opensuse:systemd-sysvinit", "p-cpe:/a:novell:opensuse:udev", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2809.NASL", "href": "https://www.tenable.com/plugins/nessus/152768", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2809-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152768);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"openSUSE 15 Security Update : systemd (openSUSE-SU-2021:2809-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2809-1 advisory.\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an\n Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that\n results in an operating system crash. (CVE-2021-33910)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1166028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188063\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PFXYBJHAFZNV57EZ4VL2LC446RMO7HVT/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2d00f137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33910\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-resolve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-coredump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-journal-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libsystemd0-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsystemd0-32bit-246.15-7.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libudev-devel-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libudev-devel-32bit-246.15-7.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libudev1-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libudev1-32bit-246.15-7.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss-myhostname-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss-myhostname-32bit-246.15-7.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss-mymachines-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss-mymachines-32bit-246.15-7.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss-resolve-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nss-systemd-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-32bit-246.15-7.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-container-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-coredump-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-devel-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-journal-remote-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-lang-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-logger-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-network-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-sysvinit-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'udev-246.15-7.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsystemd0 / libsystemd0-32bit / libudev-devel / libudev-devel-32bit / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-09T15:23:56", "description": "According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : systemd (EulerOS-SA-2021-2700)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-container", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-udev", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2700.NASL", "href": "https://www.tenable.com/plugins/nessus/155247", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155247);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"EulerOS 2.0 SP9 : systemd (EulerOS-SA-2021-2700)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an\n Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that\n results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2700\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f885ba45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"systemd-243-18.h95.eulerosv2r9\",\n \"systemd-container-243-18.h95.eulerosv2r9\",\n \"systemd-libs-243-18.h95.eulerosv2r9\",\n \"systemd-udev-243-18.h95.eulerosv2r9\",\n \"systemd-udev-compat-243-18.h95.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-09T15:23:21", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : systemd (EulerOS-SA-2021-2778)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-container", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-udev", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-2778.NASL", "href": "https://www.tenable.com/plugins/nessus/155487", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155487);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : systemd (EulerOS-SA-2021-2778)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an\n Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that\n results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2778\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?79665705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"systemd-243-18.h95.eulerosv2r9\",\n \"systemd-container-243-18.h95.eulerosv2r9\",\n \"systemd-libs-243-18.h95.eulerosv2r9\",\n \"systemd-udev-243-18.h95.eulerosv2r9\",\n \"systemd-udev-compat-243-18.h95.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-09T15:23:21", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : systemd (EulerOS-SA-2021-2752)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-container", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-udev", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-2752.NASL", "href": "https://www.tenable.com/plugins/nessus/155530", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155530);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : systemd (EulerOS-SA-2021-2752)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an\n Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that\n results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2752\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c47d771a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"systemd-243-18.h95.eulerosv2r9\",\n \"systemd-container-243-18.h95.eulerosv2r9\",\n \"systemd-libs-243-18.h95.eulerosv2r9\",\n \"systemd-udev-243-18.h95.eulerosv2r9\",\n \"systemd-udev-compat-243-18.h95.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-09T15:08:01", "description": "The remote host is affected by the vulnerability described in GLSA-202107-48 (systemd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202107-48 : systemd: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:systemd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202107-48.NASL", "href": "https://www.tenable.com/plugins/nessus/157025", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202107-48.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(157025);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"GLSA\", value:\"202107-48\");\n\n script_name(english:\"GLSA-202107-48 : systemd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202107-48\n(systemd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in systemd. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202107-48\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All systemd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/systemd-248.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/systemd\", unaffected:make_list(\"ge 248.5\"), vulnerable:make_list(\"lt 248.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-09T15:11:19", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2022-02-12T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : systemd (EulerOS-SA-2022-1098)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-container", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-journal-remote", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-pam", "p-cpe:/a:huawei:euleros:systemd-udev", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-1098.NASL", "href": "https://www.tenable.com/plugins/nessus/157988", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157988);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : systemd (EulerOS-SA-2022-1098)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an\n Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that\n results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1098\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b41f4e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-journal-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"systemd-239-3.h121.eulerosv2r8\",\n \"systemd-container-239-3.h121.eulerosv2r8\",\n \"systemd-devel-239-3.h121.eulerosv2r8\",\n \"systemd-journal-remote-239-3.h121.eulerosv2r8\",\n \"systemd-libs-239-3.h121.eulerosv2r8\",\n \"systemd-pam-239-3.h121.eulerosv2r8\",\n \"systemd-udev-239-3.h121.eulerosv2r8\",\n \"systemd-udev-compat-239-3.h121.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-09T15:23:40", "description": "According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : systemd (EulerOS-SA-2021-2725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-container", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-udev", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2725.NASL", "href": "https://www.tenable.com/plugins/nessus/155243", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155243);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2020-13529\", \"CVE-2021-33910\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"EulerOS 2.0 SP9 : systemd (EulerOS-SA-2021-2725)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an\n Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that\n results in an operating system crash. (CVE-2021-33910)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2725\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?11ad7254\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"systemd-243-18.h95.eulerosv2r9\",\n \"systemd-container-243-18.h95.eulerosv2r9\",\n \"systemd-libs-243-18.h95.eulerosv2r9\",\n \"systemd-udev-243-18.h95.eulerosv2r9\",\n \"systemd-udev-compat-243-18.h95.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-13T11:04:30", "description": "The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1854 advisory.\n\n - In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the allow_active element rather than allow_any. (CVE-2019-3842)\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. (CVE-2020-13776)\n\n - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. (CVE-2022-2526)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-10-10T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : systemd (ALAS-2022-1854)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000082", "CVE-2019-3842", "CVE-2020-13529", "CVE-2020-13776", "CVE-2022-2526"], "modified": "2022-10-11T00:00:00", "cpe": ["cpe:2.3:o:amazon:linux:2:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:libgudev1:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:libgudev1-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:systemd:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:systemd-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:systemd-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:systemd-journal-gateway:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:systemd-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:systemd-networkd:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:systemd-python:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:systemd-resolved:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:systemd-sysv:*:*:*:*:*:*:*"], "id": "AL2_ALAS-2022-1854.NASL", "href": "https://www.tenable.com/plugins/nessus/165993", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1854.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165993);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\n \"CVE-2019-3842\",\n \"CVE-2020-13529\",\n \"CVE-2020-13776\",\n \"CVE-2022-2526\"\n );\n\n script_name(english:\"Amazon Linux 2 : systemd (ALAS-2022-1854)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1854 advisory.\n\n - In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment\n before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to\n set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using\n the allow_active element rather than allow_any. (CVE-2019-3842)\n\n - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An\n attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)\n\n - systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed\n by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were\n intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. (CVE-2020-13776)\n\n - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function\n and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for\n the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream\n object, causing the use-after-free when the reference is still used later. (CVE-2022-2526)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1854.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2019-3842.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-13529.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-13776.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2526.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update systemd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13776\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2526\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-journal-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'libgudev1-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libgudev1-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libgudev1-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libgudev1-devel-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libgudev1-devel-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libgudev1-devel-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-debuginfo-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-debuginfo-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-debuginfo-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-devel-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-devel-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-devel-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-journal-gateway-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-journal-gateway-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-journal-gateway-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-libs-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-libs-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-libs-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-networkd-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-networkd-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-networkd-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-python-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-python-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-python-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-resolved-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-resolved-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-resolved-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-sysv-219-78.amzn2.0.20', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-sysv-219-78.amzn2.0.20', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'systemd-sysv-219-78.amzn2.0.20', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgudev1 / libgudev1-devel / systemd / etc\");\n}", "cvss": {"score": 6.2, "vector": "CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-11-11T06:08:33", "description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-05-10T16:15:00", "type": "debiancve", "title": "CVE-2020-13529", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-05-10T16:15:00", "id": "DEBIANCVE:CVE-2020-13529", "href": "https://security-tracker.debian.org/tracker/CVE-2020-13529", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2022-05-12T18:41:41", "description": "Updates of ['systemd'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-07-23T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0272", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-07-23T00:00:00", "id": "PHSA-2021-0272", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-272", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-03T21:03:39", "description": "An update of {'systemd'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-07-23T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-3.0-0272", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-07-23T00:00:00", "id": "PHSA-2021-3.0-0272", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-272", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-03T20:56:20", "description": "An update of {'systemd'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-07-26T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-2.0-0373", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-07-26T00:00:00", "id": "PHSA-2021-2.0-0373", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-373", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-29T17:25:33", "description": "Updates of ['systemd'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-07-26T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0373", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-07-26T00:00:00", "id": "PHSA-2021-0373", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-373", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-26T20:50:54", "description": "An update of {'linux-esx', 'systemd', 'linux', 'python-numpy'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-22T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-1.0-0416", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12852", "CVE-2020-13529", "CVE-2021-33909"], "modified": "2021-07-22T00:00:00", "id": "PHSA-2021-1.0-0416", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-416", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:55:26", "description": "Updates of ['systemd', 'apache-tomcat'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-21T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0066", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2021-30639", "CVE-2021-33037"], "modified": "2021-07-21T00:00:00", "id": "PHSA-2021-0066", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-66", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-07-07T17:31:06", "description": "An exploitable denial of service vulnerability exists in systemd which does not fully implement RFC3203, as it does not support authentication of FORCERENEW packets. A specially crafted DHCP FORCERENEW packet can cause a system, running the DHCP client, to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHPACK packets to reconfigure the system with arbitrary network settings.\n#### Mitigation\n\nThere is no available mitigation for this issue. \n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-05-11T20:53:45", "type": "redhatcve", "title": "CVE-2020-13529", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2022-07-07T12:36:23", "id": "RH:CVE-2020-13529", "href": "https://access.redhat.com/security/cve/cve-2020-13529", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-17T13:05:57", "description": "systemd:focal is vulnerable to denial-of-service. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-08-12T14:53:46", "type": "veracode", "title": "Denial-of-service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2022-04-28T21:12:01", "id": "VERACODE:31579", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31579/summary", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}], "altlinux": [{"lastseen": "2022-06-10T03:05:31", "description": "1.18.11-alt1.gite2fdbc2b7482 built July 2, 2021 Mikhail Efremov in task [#276659](<https://git.altlinux.org/tasks/276659/>) \n--- \nJuly 1, 2021 Mikhail Efremov \n \n \n - Backported patch from NM-1.32.2 (fixes: CVE-2020-13529):\n + dhcp/systemd: ignore FORCERENEW requests for DHCPV4 to workaround\n CVE-2020-13529.\n - Upstream git snapshot (nm-1-18 branch).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-07-02T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package NetworkManager version 1.18.11-alt1.gite2fdbc2b7482", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-07-02T00:00:00", "id": "7893C3BA8753F8F069C206E48D526B57", "href": "https://packages.altlinux.org/en/p9/srpms/NetworkManager/2685019999452228221", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}], "almalinux": [{"lastseen": "2022-09-14T18:10:10", "description": "NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.\n\nThe following packages have been upgraded to a later upstream version: NetworkManager (1.32.10). (BZ#1934465)\n\nSecurity Fix(es):\n\n* systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured (CVE-2020-13529)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-11-09T09:11:14", "type": "almalinux", "title": "Moderate: NetworkManager security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-11-12T10:20:56", "id": "ALSA-2021:4361", "href": "https://errata.almalinux.org/8/ALSA-2021-4361.html", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:53", "description": "Arch Linux Security Advisory ASA-202107-29\n==========================================\n\nSeverity: Low\nDate : 2021-07-14\nCVE-ID : CVE-2020-13529\nPackage : systemd\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1935\n\nSummary\n=======\n\nThe package systemd before version 249-2 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 249-2.\n\n# pacman -Syu \"systemd>=249-2\"\n\nThe problem has been fixed upstream in version 249.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn exploitable denial-of-service vulnerability exists in systemd-\nnetworkd before version 249. A maliciously crafted DHCP FORCERENEW\npacket can cause a server running the DHCP client to be vulnerable to a\nDHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW\nand DCHP ACK packets to reconfigure the server.\n\nImpact\n======\n\nA network-adjacent attacker could reconfigure the networking properties\nof a device running systemd-networkd through crafted DHCP packets.\n\nReferences\n==========\n\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2020-1142\nhttps://github.com/systemd/systemd/issues/16774\nhttps://github.com/systemd/systemd/pull/20002\nhttps://github.com/systemd/systemd/commit/38e980a6a5a3442c2f48b1f827284388096d8ca5\nhttps://security.archlinux.org/CVE-2020-13529", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-07-14T00:00:00", "type": "archlinux", "title": "[ASA-202107-29] systemd: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-07-14T00:00:00", "id": "ASA-202107-29", "href": "https://security.archlinux.org/ASA-202107-29", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-10-27T13:48:20", "description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A\nspecially crafted DHCP FORCERENEW packet can cause a server running the\nDHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can\nforge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.\n\n#### Bugs\n\n * <https://github.com/systemd/systemd/issues/16774>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1959398>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | FORCERENEW was temporarily disabled until proper support for RFC6704 is in place\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-05-10T00:00:00", "type": "ubuntucve", "title": "CVE-2020-13529", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-05-10T00:00:00", "id": "UB:CVE-2020-13529", "href": "https://ubuntu.com/security/CVE-2020-13529", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-11-22T18:42:04", "description": "NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.\n\nThe following packages have been upgraded to a later upstream version: NetworkManager (1.32.10). (BZ#1934465)\n\nSecurity Fix(es):\n\n* systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured (CVE-2020-13529)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-11-09T09:11:14", "type": "redhat", "title": "(RHSA-2021:4361) Moderate: NetworkManager security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-11-09T14:09:20", "id": "RHSA-2021:4361", "href": "https://access.redhat.com/errata/RHSA-2021:4361", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2021-11-16T22:30:44", "description": "[1.32.10-4.0.1]\n- add connectivity check via Oracle servers [Orabug: 32051972]\n- Disable the build of NetworkManager-config-connectivity-* subpackage for 8.3\n[1:1.32.10-4]\n- revert unapproved patches part of 'cloud-setup' change (rh #1977984)\n[1:1.32.10-3]\n- preserve the IPv6 multicast route added by kernel (rh #2004212)\n- cloud-setup: better handle other route configuration (rh #1977984)\n[1:1.32.10-2]\n- platform: fix capturing IPv4 addresses from platform for assuming after restart (rh #1988751)\n[1:1.32.10-1]\n- update to 1.32.10 release\n- nm-initrd-generator: add kernel command line options ethtool autoneg and speed (rh #1940934)\n- IP: fix the order of IP addresses during service restart (rh #1988751)\n[1:1.32.8-1]\n- Upgrade to 1.32.8 release\n- firewalld: configure zones on 'Reloaded' signal (rh #1982403)\n- ethtool: support configuring newer gigabit ethernet speeds (rh #1897004)\n- core: fix wrong MTU for bridge interfaces (rh #1973536)\n- cloud-setup: fix gateway address for Aliyun cloud (rh #1823315)\n[1:1.32.6-1]\n- Upgrade to 1.32.6 release\n- core: fix adding stale local routes when address changes (rh #1979192)\n- dhcp: handle filename/bootfile_name DHCP option and write it to device state\n file for initrd/kickstart (rh #1979387)\n- initrd: add 'ib.pkey=' command line option (rh #1805708)\n- core: introduce 'keep-configuration' device option to forcefully activate a\n profile on start (rh #1934122)\n[1:1.32.4-1]\n- Upgrade to 1.32.4 with fixes of:\n- nmcli: show DNS SEARCH field in device information. (rh #1852317)\n- device: avoid crash setting VPN config during unrealize. (rh #1912423)\n- core: send ARP announcements when there is carrier. (rh #1956793)\n- core: add ipv[46].required-timeout option to wait for IP configuration while activating. (rh #1961666)\n- core: start DHCPv6 when a prefix delegation is needed for shared mode. (rh #1973199)\n- ifcfg: log warning about invalid keys in ifcfg files. (rh #1959656)\n- cloud-setup: add support for Aliyun cloud. (rh #1823315)\n[1:1.32.2-1]\n- update to 1.32.2 release\n- device: prefer IPv6 not-deprecated addresses for hostname lookup (rh #1820770)\n- docs: describe qdiscs and tfilters in nm-settings manpage (rh #1847894)\n- cloud-setup: preserve IPv4 addresses/routes/rules from profile (rh #1971527)\n- daemon: performance improvements (rh #1847125)\n- dhcp/systemd: ignore FORCERENEW requests for DHCPV4 (rh #1961251, CVE-2020-13529)\n- Add bridge_role in 802-3-ethernet.s390-options using nmcli (rh #1935842)\n[1:1.32.0-1]\n- update to 1.32.0 release\n- veth: fix null error when deleting the device (rh #1915278)\n- veth: fix crash when deleting the device profile (rh #1915276)\n- firewall: add new 'nftables' firewall-backend (rh #1548825)\n- DNS: fix lookup of hostname via DNS (rh #1970335)\n[1:1.32.0-0.5]\n- update to 1.32-rc1 (1.31.90) (release candidate)\n- core: allow to preserved external TFilter and QDisc settings (rh #1928078)\n- bond: support 'tlb_dynamic_lb' in 'balance-alb' mode (rh #1959934)\n[1:1.32.0-0.4]\n- Update to 1.31.5 (development)\n- core: configure MTU early before DHCP completes (rh #1890234)\n- core: fix activation handling for ports (rh #1955101, rh #1959961)\n- core: add support for ethtool pause parameters (rh #1899372)\n- dhcp: support option 249 (Microsoft Classless Static Route) (rh #1959461)\n[1:1.32.0-0.3]\n- Update to 1.31.4 (development)\n- core: fix assertion failure in activation handling (rh #1933719)\n[1:1.32.0-0.2]\n- Update to 1.31.3 (development)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-11-16T00:00:00", "type": "oraclelinux", "title": "NetworkManager security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2021-11-16T00:00:00", "id": "ELSA-2021-4361", "href": "http://linux.oracle.com/errata/ELSA-2021-4361.html", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-10-07T05:38:46", "description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-05-10T16:15:00", "type": "cve", "title": "CVE-2020-13529", "cwe": ["CWE-290"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529"], "modified": "2022-10-07T02:59:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/a:netapp:active_iq_unified_manager:-", "cpe:/a:netapp:cloud_backup:-", "cpe:/a:systemd_project:systemd:245"], "id": "CVE-2020-13529", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13529", "cvss": {"score": 2.9, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:systemd_project:systemd:245:-:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}], "cloudfoundry": [{"lastseen": "2021-11-26T21:44:42", "description": "## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. (CVE-2021-33910)\n\nMitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW packets. A remote attacker could possibly use this issue to reconfigure servers. (CVE-2020-13529)\n\nCVEs contained in this USN include: CVE-2020-13529, CVE-2021-33910.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.20\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.250.0\n * CF Deployment \n * All versions prior to 16.22.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.20 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.250.0 or greater\n * CF Deployment \n * Upgrade all versions to 16.22.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/5013-1/>)\n * [CVE-2020-13529](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13529>)\n * [CVE-2021-33910](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33910>)\n\n## History\n\n2021-09-03: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-09-07T00:00:00", "type": "cloudfoundry", "title": "USN-5013-1: systemd vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2021-09-07T00:00:00", "id": "CFOUNDRY:EA2FC96380AC5696218F1535F35D2590", "href": "https://www.cloudfoundry.org/blog/usn-5013-1-systemd-vulnerabilities/", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2022-04-18T12:40:10", "description": "An update that solves two vulnerabilities and has three\n fixes is now available.\n\nDescription:\n\n This update for systemd fixes the following issues:\n\n - Updated to version 246.15\n - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063)\n - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW\n packet can cause a server running the DHCP client to be vulnerable to a\n DHCP ACK spoofing attack. (bsc#1185972)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-2809=1", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-08-23T00:00:00", "type": "suse", "title": "Security update for systemd (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2021-08-23T00:00:00", "id": "OPENSUSE-SU-2021:2809-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PFXYBJHAFZNV57EZ4VL2LC446RMO7HVT/", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2021-11-26T19:07:07", "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. This package was built from the 246.15-stable branch of systemd. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-07-24T01:08:44", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: systemd-246.15-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2021-07-24T01:08:44", "id": "FEDORA:876413072EA9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T18:57:57", "description": "### Background\n\nA system and service manager.\n\n### Description\n\nMultiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll systemd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/systemd-248.5\"", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-07-20T00:00:00", "type": "gentoo", "title": "systemd: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2021-07-20T00:00:00", "id": "GLSA-202107-48", "href": "https://security.gentoo.org/glsa/202107-48", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2022-11-02T10:34:01", "description": "USN-5013-1 fixed several vulnerabilities in systemd. This update provides \nthe corresponding update for Ubuntu 16.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that systemd incorrectly handled certain mount paths. A \nlocal attacker could possibly use this issue to cause systemd to crash, \nresulting in a denial of service. (CVE-2021-33910)\n\nMitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW \npackets. A remote attacker could possibly use this issue to reconfigure \nservers. (CVE-2020-13529)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-07-20T00:00:00", "type": "ubuntu", "title": "systemd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2021-07-20T00:00:00", "id": "USN-5013-2", "href": "https://ubuntu.com/security/notices/USN-5013-2", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-11-02T06:34:28", "description": "It was discovered that systemd incorrectly handled certain mount paths. A \nlocal attacker could possibly use this issue to cause systemd to crash, \nresulting in a denial of service. (CVE-2021-33910)\n\nMitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW \npackets. A remote attacker could possibly use this issue to reconfigure \nservers. (CVE-2020-13529)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-07-20T00:00:00", "type": "ubuntu", "title": "systemd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2021-33910"], "modified": "2021-07-20T00:00:00", "id": "USN-5013-1", "href": "https://ubuntu.com/security/notices/USN-5013-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:35", "description": "This systemd update provides the v246.15 maintenance release and fixes at least the following security issues: An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server (CVE-2020-13529). basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash (CVE-2021-29270). \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-07-22T07:08:00", "type": "mageia", "title": "Updated systemd packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2021-29270", "CVE-2021-33910"], "modified": "2021-07-22T07:07:59", "id": "MGASA-2021-0365", "href": "https://advisories.mageia.org/MGASA-2021-0365.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2022-11-01T21:40:15", "description": "**Issue Overview:**\n\nIt was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\". (CVE-2019-3842)\n\nAn exploitable denial of service vulnerability exists in systemd which does not fully implement RFC3203, as it does not support authentication of FORCERENEW packets. A specially crafted DHCP FORCERENEW packet can cause a system, running the DHCP client, to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHPACK packets to reconfigure the system with arbitrary network settings. (CVE-2020-13529)\n\nA flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or \"0x\" followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw allows local attackers to elevate their privileges. (CVE-2020-13776)\n\nA use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in resolved-dns-stream.c not incrementing the reference counting for the \nDnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. (CVE-2022-2526)\n\n \n**Affected Packages:** \n\n\nsystemd\n\n \n**Issue Correction:** \nRun _yum update systemd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 systemd-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 systemd-libs-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 systemd-devel-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 systemd-sysv-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 systemd-python-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 libgudev1-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 libgudev1-devel-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 systemd-journal-gateway-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 systemd-networkd-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 systemd-resolved-219-78.amzn2.0.20.aarch64 \n \u00a0\u00a0\u00a0 systemd-debuginfo-219-78.amzn2.0.20.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 systemd-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 systemd-libs-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 systemd-devel-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 systemd-sysv-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 systemd-python-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 libgudev1-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 libgudev1-devel-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 systemd-journal-gateway-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 systemd-networkd-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 systemd-resolved-219-78.amzn2.0.20.i686 \n \u00a0\u00a0\u00a0 systemd-debuginfo-219-78.amzn2.0.20.i686 \n \n src: \n \u00a0\u00a0\u00a0 systemd-219-78.amzn2.0.20.src \n \n x86_64: \n \u00a0\u00a0\u00a0 systemd-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 systemd-libs-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 systemd-devel-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 systemd-sysv-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 systemd-python-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 libgudev1-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 libgudev1-devel-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 systemd-journal-gateway-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 systemd-networkd-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 systemd-resolved-219-78.amzn2.0.20.x86_64 \n \u00a0\u00a0\u00a0 systemd-debuginfo-219-78.amzn2.0.20.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2019-3842](<https://access.redhat.com/security/cve/CVE-2019-3842>), [CVE-2020-13529](<https://access.redhat.com/security/cve/CVE-2020-13529>), [CVE-2020-13776](<https://access.redhat.com/security/cve/CVE-2020-13776>), [CVE-2022-2526](<https://access.redhat.com/security/cve/CVE-2022-2526>)\n\nMitre: [CVE-2019-3842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842>), [CVE-2020-13529](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529>), [CVE-2020-13776](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776>), [CVE-2022-2526](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-30T07:04:00", "type": "amazon", "title": "Important: systemd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3842", "CVE-2020-13529", "CVE-2020-13776", "CVE-2022-2526"], "modified": "2022-10-10T21:54:00", "id": "ALAS2-2022-1854", "href": "https://alas.aws.amazon.com/AL2/ALAS-2022-1854.html", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "kitploit": [{"lastseen": "2022-04-07T12:01:14", "description": "[](<https://blogger.googleusercontent.com/img/a/AVvXsEjsrmhQfDtTdfBPNa6qZgsSf3u30VLPYC3uKiVcyq9ZGHj16L1OT3WrO1HfwDyWXqnHKHPKJbSTz2Whniw57u-WtS5y_mcQsWyfzNYadEoNL2ZgYGTEeORZsjTrJzIDyx8ZUunfcL0CntifHoVg48hyGjYPR8doMybpPRTOwLUqmaUvooKWE3KXcFIO>)\n\n \n\n\nA simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities.\n\n \n\n\nTo install requirements:\n \n \n $ sudo python3 -m pip install -r requirements.txt \n \n\nOverview:\n\nvulnerabilities on local libraries by CoolerVoid Example: $ python3 master_librarian.py -t csv $ python3 master_librarian.py -t txt -l 3 usage: master_librarian.py [-h] -t TYPES [-l LIMIT] optional arguments: -h, --help show this help message and exit -t TYPES, --type TYPES Name of output type for logs(txt or csv) -l LIMIT, --limit LIMIT Limit CVEs per pages in nvd NIST search(default is 3) \">\n \n \n $ python3 master_librarian.py -h \n Master librarian v0.3 \n Tool to search public vulnerabilities on local libraries \n by CoolerVoid \n \n Example: \n \t$ python3 master_librarian.py -t csv \n \t$ python3 master_librarian.py -t txt -l 3 \n \n usage: master_librarian.py [-h] -t TYPES [-l LIMIT] \n \n optional arguments: \n -h, --help show this help message and exit \n -t TYPES, --type TYPES \n Name of output type for logs(txt or csv) \n -l LIMIT, --limit LIMIT \n Limit CVEs per pages in nvd NIST search(default is 3) \n \n \n\nExample:\n \n \n $ python3 master_librarian.py -t txt \n \n\noutput\n\nvulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. https://nvd.nist.gov/vuln/detail/CVE-2020-13529 2.9 LOW systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. https://nvd.nist.gov/vuln/detail/CVE-2020-13776 6.2 MEDIUM A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. https://nvd.nist.gov/vuln/detail/CVE-2020-1712 4.6 MEDIUM expat 2.2.9 pangocairo 1.44.7 xdmcp 1.1.3 libpcreposix 8.39 ruby-2.7 2.7.0 glib-2.0 2.64.6 gnome-system-tools 3.0.0 xinerama 1.1.4 nunit 2.6.3 gmp 6.2.0 libevent 2.1.11-stable xbuild12 12.0 xorg-sgml-doctools 1.11 presentproto 1.2 gdk-pixbuf-2.0 2.40.0 inputproto 2.3.2 libssl 1.1.1f xcb-shm 1.14 gdk-2.0 2.24.32 libpng16 1.6.37 bigreqsproto 1.1.2 icu-io 66.1 xextproto 7.3.0 libthai 0.1.28 libbsd-overlay 0.10.0 mount 2.34.0 gio-2.0 2.64.6 adwaita-icon-theme 3.36.1 fontconfig 2.13.1 xrandr 1.5.2 monosgen-2 6.8.0.105 mono 6.8.0.105 xf86dgaproto 2.1 dri3proto 1.2 libpcre 8.39 pangoxft 1.44.7 blkid 2.34.0 libsepol 3.0 libevent_openssl 2.1.11-stable uuid 2.34.0 gmodule-2.0 2.64.6 graphite2 3.0.1 libfl 2.6.4 zlib 1.2.11 cairo-pdf 1.16.0 ruby 2.7.0 Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to [denial of service](<https://www.kitploit.com/search/label/Denial%20of%20Service> \"denial of service\" ) when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking. https://nvd.nist.gov/vuln/detail/CVE-2021-32740 5.0 MEDIUM An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. https://nvd.nist.gov/vuln/detail/CVE-2020-10933 5.0 MEDIUM libevent_extra 2.1.11-stable system.web.mvc3 3.0.0.0 libstartup-notification-1.0 0.12 mono-2 6.8.0.105 mono-nunit 2.6.3 gobject-2.0 2.64.6 glproto 1.4.17 cairo-ft 1.16.0 cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a \"free(): invalid pointer\" error. https://nvd.nist.gov/vuln/detail/CVE-2018-19876 4.3 MEDIUM xcb 1.14 Directory traversal vulnerability in Action View in [Ruby on Rails](<https://www.kitploit.com/search/label/Ruby%20on%20Rails> \"Ruby on Rails\" ) before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. https://nvd.nist.gov/vuln/detail/CVE-2016-0752 5.0 MEDIUM fribidi 1.0.8 xtrans 1.4.0 cairo-xlib-xrender 1.16.0 mono-lineeditor 0.2.1 xcmiscproto 1.2.2 gmodule-no-export-2.0 2.64.6 dri2proto 2.8 python3-embed 3.8 libpcre32 8.39 system.web.mvc2 2.0.0.0 dotnet 6.8.0.105 iso-codes 4.4 fontutil 1.3.1 xbitmaps 1.1.1 system.web.extensions_1.0 1.0.61025.0 recordproto 1.14.2 resourceproto 1.2.0 mobile-broadband-provider-info 20190618 videoproto 2.3.3 libevent_core 2.1.11-stable fontsproto 2.1.3 xsp-4 4.2 python3 3.8 In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. https://nvd.nist.gov/vuln/detail/CVE-2020-15801 7.5 HIGH In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. https://nvd.nist.gov/vuln/detail/CVE-2020-15523 6.9 MEDIUM xineramaproto 1.2.1 xcb-render 1.14 libpcre2-32 10.34 libbsd-ctor 0.10.0 libbsd 0.10.0 nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). https://nvd.nist.gov/vuln/detail/CVE-2019-20367 6.4 MEDIUM xft 2.3.3 \">\n \n \n Master librarian v0.3 \n Tool to search public vulnerabilities on local libraries \n by CoolerVoid \n \n Example: \n \t$ python3 master_librarian.py -t csv \n \t$ python3 master_librarian.py -t txt -l 3 \n \n Master librarian v0.3 \n Tool to search public vulnerabilities on local libraries \n by CoolerVoid \n \n Search pitfalls in operational system local packages \n \n xres 1.2.0 \n cairo-ps 1.16.0 \n xf86vidmodeproto 2.3.1 \n libcrypto 1.1.1f \n damageproto 1.2.1 \n libffi 3.3 \n xfixes 5.0.3 \n \t\tInteger overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2016-7944 \n \t\t7.5 HIGH \n \n system.web.extensions.design_1.0 1.0.61025.0 \n kbproto 1.0.7 \n gio-unix-2.0 2.64.6 \n gdk-x11-2.0 2.24.32 \n sqlite3 3.31.1 \n cairo-png 1.16.0 \n lib pcre2-posix 10.34 \n wcf 6.8.0.105 \n dmxproto 2.3.1 \n cairo-script 1.16.0 \n xext 1.3.4 \n x11 1.6.9 \n system.web.mvc 1.0.0.0 \n mono-cairo 6.8.0.105 \n cecil 6.8.0.105 \n udev 245 \n \t\tThe default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2011-0640 \n \t\t6.9 MEDIUM \n \n \t\tplymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2010-4176 \n \t\t4.0 MEDIUM \n \n xkeyboard-config 2.29 \n bash-completion 2.10 \n yelp-xsl 3.36.0 \n xdamage 1.1.5 \n libgdiplus 6.0.4 \n icu-uc 66.1 \n xcomposite 0.4.5 \n harfbuzz 2.6.4 \n pixman-1 0.38.4 \n pthread-stubs 0.4 \n systemd 245 \n \t\tAn exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-13529 \n \t\t2.9 LOW \n \n \t\tsystemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-13776 \n \t\t6.2 MEDIUM \n \n \t\tA heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-1712 \n \t\t4.6 MEDIUM \n \n expat 2.2.9 \n pangocairo 1.44.7 \n xdmcp 1.1.3 \n libpcreposix 8.39 \n ruby-2.7 2.7.0 \n glib-2.0 2.64.6 \n gnome-system-tools 3.0.0 \n xinerama 1.1.4 \n nunit 2.6.3 \n gmp 6.2.0 \n libevent 2.1.11-stable \n xbuild12 12.0 \n xorg-sgml-doctools 1.11 \n presentproto 1.2 \n gdk-pixbuf-2.0 2.40.0 \n inputproto 2.3.2 \n libssl 1.1.1f \n xcb-shm 1.14 \n gdk-2.0 2.24.32 \n libpng16 1.6.37 \n bigreqsproto 1.1.2 \n icu-io 66.1 \n xextproto 7.3.0 \n libthai 0.1.28 \n libbsd-overlay 0.10.0 \n mount 2.34.0 \n gio-2.0 2.64.6 \n adwaita-icon-theme 3.36.1 \n fontconfig 2.13.1 \n xrandr 1.5.2 \n monosgen-2 6.8.0.105 \n mono 6.8.0.105 \n xf86d gaproto 2.1 \n dri3proto 1.2 \n libpcre 8.39 \n pangoxft 1.44.7 \n blkid 2.34.0 \n libsepol 3.0 \n libevent_openssl 2.1.11-stable \n uuid 2.34.0 \n gmodule-2.0 2.64.6 \n graphite2 3.0.1 \n libfl 2.6.4 \n zlib 1.2.11 \n cairo-pdf 1.16.0 \n ruby 2.7.0 \n \t\tAddressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2 .8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2021-32740 \n \t\t5.0 MEDIUM \n \n \t\tAn issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-10933 \n \t\t5.0 MEDIUM \n \n libevent_extra 2.1.11-stable \n system.web.mvc3 3.0.0.0 \n libstartup-notification-1.0 0.12 \n mono-2 6.8.0.105 \n mono-nunit 2.6.3 \n gobject-2.0 2.64.6 \n glproto 1.4.17 \n cairo-ft 1.16.0 \n \t\tcairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompa tible with WebKit's fastMalloc, leading to an application crash with a \"free(): invalid pointer\" error. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2018-19876 \n \t\t4.3 MEDIUM \n \n xcb 1.14 \n \t\tDirectory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2016-0752 \n \t\t5.0 MEDIUM \n \n fribidi 1.0.8 \n xtrans 1.4.0 \n cairo-xlib-xrender 1.16.0 \n mono-lineeditor 0.2.1 \n xcmiscproto 1.2.2 \n gmodule-no-export-2.0 2.64.6 \n dri2proto 2.8 \n python3-embed 3.8 \n libpcre32 8.39 \n system.web.mvc2 2.0.0.0 \n dotnet 6.8.0.105 \n iso-codes 4.4 \n fontutil 1.3.1 \n xbitmaps 1.1.1 \n system.web.extensions_1.0 1.0.61025.0 \n recordproto 1.14.2 \n resourceproto 1. 2.0 \n mobile-broadband-provider-info 20190618 \n videoproto 2.3.3 \n libevent_core 2.1.11-stable \n fontsproto 2.1.3 \n xsp-4 4.2 \n python3 3.8 \n \t\tIn Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-15801 \n \t\t7.5 HIGH \n \n \t\tIn Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-15523 \n \t\t6.9 MEDIUM \n \n xineramapro to 1.2.1 \n xcb-render 1.14 \n libpcre2-32 10.34 \n libbsd-ctor 0.10.0 \n libbsd 0.10.0 \n \t\tnlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2019-20367 \n \t\t6.4 MEDIUM \n \n xft 2.3.3 \n \n \n\nTested in Ubuntu Linux, Fedora Linux and FreeBSD.\n\nThe purpose of this tool is to use in local pentest, take attention if you have a proper [authorization](<https://www.kitploit.com/search/label/Authorization> \"authorization\" ) before to use that. I do not have responsibility for your actions. You can use a hammer to construct a house or destroy it, choose the law path, don't be a bad guy, remember.\n\n \n \n\n\n**[Download Master_Librarian](<https://github.com/CoolerVoid/master_librarian> \"Download Master_Librarian\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-09T20:30:00", "type": "kitploit", "title": "Master_Librarian - A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4176", "CVE-2011-0640", "CVE-2016-0752", "CVE-2016-7944", "CVE-2017-1000082", "CVE-2018-19876", "CVE-2019-20367", "CVE-2020-10933", "CVE-2020-13529", "CVE-2020-13776", "CVE-2020-15523", "CVE-2020-15801", "CVE-2020-1712", "CVE-2021-32740"], "modified": "2022-03-09T20:30:00", "id": "KITPLOIT:2401425074991132396", "href": "http://www.kitploit.com/2022/03/masterlibrarian-simple-tool-to-audit.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
Systemd DHCP client denial-of-service vulnerability
