Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client
incorrectly handled certain DHCPv6 messages. In non-default configurations
where the internal DHCP client is enabled, an attacker on the same network
could use this issue to cause NetworkManager to crash, resulting in a
denial of service, or possibly execute arbitrary code.
{"redhat": [{"lastseen": "2022-02-10T00:00:00", "description": "NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.\n\nSecurity Fix(es):\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-26T23:01:01", "type": "redhat", "title": "(RHSA-2018:3665) Important: NetworkManager security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-11-26T23:17:16", "id": "RHSA-2018:3665", "href": "https://access.redhat.com/errata/RHSA-2018:3665", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-10T00:00:00", "description": "The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.\n\nSecurity Fix(es):\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\n* systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\n* systemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting CVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864 and CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of CVE-2018-15688.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-14T11:21:52", "type": "redhat", "title": "(RHSA-2019:0049) Important: systemd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2019-01-14T11:25:56", "id": "RHSA-2019:0049", "href": "https://access.redhat.com/errata/RHSA-2019:0049", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-20T00:00:00", "type": "openvas", "title": "Fedora Update for NetworkManager FEDORA-2018-fc3018b1bd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875282", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_fc3018b1bd_NetworkManager_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for NetworkManager FEDORA-2018-fc3018b1bd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875282\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-20 06:28:00 +0100 (Tue, 20 Nov 2018)\");\n script_name(\"Fedora Update for NetworkManager FEDORA-2018-fc3018b1bd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fc3018b1bd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIORNVJ3LRLCNPZWBPYIS3NJF5WXIQQ6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'NetworkManager'\n package(s) announced via the FEDORA-2018-fc3018b1bd advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"NetworkManager on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~1.8.8~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:22", "description": "The remote host is missing an update for\nthe ", "cvss3": {}, "published": "2018-11-06T00:00:00", "type": "openvas", "title": "Ubuntu Update for network-manager USN-3807-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3807_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for network-manager USN-3807-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843805\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-06 05:59:56 +0100 (Tue, 06 Nov 2018)\");\n script_name(\"Ubuntu Update for network-manager USN-3807-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3807-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3807-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\nthe 'network-manager' package(s) announced via the USN-3807-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\nis present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Felix Wilhelm discovered that the NetworkManager\ninternal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default\nconfigurations where the internal DHCP client is enabled, an attacker on the same network\ncould use this issue to cause NetworkManager to crash, resulting in a\ndenial of service, or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"network-manager on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"network-manager\", ver:\"1.10.6-2ubuntu1.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"network-manager\", ver:\"1.12.4-1ubuntu1.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"network-manager\", ver:\"1.2.6-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for NetworkManager (EulerOS-SA-2019-1322)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191322", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1322\");\n script_version(\"2020-01-23T11:39:23+0000\");\n script_cve_id(\"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:39:23 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:39:23 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for NetworkManager (EulerOS-SA-2019-1322)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1322\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1322\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'NetworkManager' package(s) announced via the EulerOS-SA-2019-1322 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\");\n\n script_tag(name:\"affected\", value:\"'NetworkManager' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~1.10.2~16.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-adsl\", rpm:\"NetworkManager-adsl~1.10.2~16.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-bluetooth\", rpm:\"NetworkManager-bluetooth~1.10.2~16.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~1.10.2~16.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-libnm\", rpm:\"NetworkManager-libnm~1.10.2~16.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-team\", rpm:\"NetworkManager-team~1.10.2~16.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-tui\", rpm:\"NetworkManager-tui~1.10.2~16.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-wifi\", rpm:\"NetworkManager-wifi~1.10.2~16.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-wwan\", rpm:\"NetworkManager-wwan~1.10.2~16.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for NetworkManager FEDORA-2018-71d85bc8cd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875645", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875645", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875645\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:14:03 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for NetworkManager FEDORA-2018-71d85bc8cd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-71d85bc8cd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6D5EHDWAX7OYO4OCUN45WYDWUF3HTDVG\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'NetworkManager'\n package(s) announced via the FEDORA-2018-71d85bc8cd advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"NetworkManager is a system service that manages network interfaces and\nconnections based on user or automatic configuration. It supports\nEthernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband\n(WWAN), PPPoE and other devices, and supports a variety of different VPN\nservices.\");\n\n script_tag(name:\"affected\", value:\"'NetworkManager' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~1.12.4~2.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:36", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for NetworkManager (EulerOS-SA-2019-1119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191119", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1119\");\n script_version(\"2020-01-23T11:31:58+0000\");\n script_cve_id(\"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:31:58 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:31:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for NetworkManager (EulerOS-SA-2019-1119)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1119\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1119\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'NetworkManager' package(s) announced via the EulerOS-SA-2019-1119 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\");\n\n script_tag(name:\"affected\", value:\"'NetworkManager' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-adsl\", rpm:\"NetworkManager-adsl~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-bluetooth\", rpm:\"NetworkManager-bluetooth~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-config-server\", rpm:\"NetworkManager-config-server~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-libnm\", rpm:\"NetworkManager-libnm~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-team\", rpm:\"NetworkManager-team~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-tui\", rpm:\"NetworkManager-tui~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-wifi\", rpm:\"NetworkManager-wifi~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"NetworkManager-wwan\", rpm:\"NetworkManager-wwan~1.10.2~16.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-18T00:00:00", "type": "openvas", "title": "CentOS Update for NetworkManager CESA-2018:3665 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882980", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882980", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id$\n#\n# CentOS Update for NetworkManager CESA-2018:3665 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882980\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-18 07:37:50 +0100 (Tue, 18 Dec 2018)\");\n script_name(\"CentOS Update for NetworkManager CESA-2018:3665 centos7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2018:3665\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-December/023116.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'NetworkManager'\n package(s) announced via the CESA-2018:3665 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"NetworkManager is a system network service that manages network devices and\nconnections, attempting to keep active network connectivity when available.\nIts capabilities include managing Ethernet, wireless, mobile broadband\n(WWAN), and PPPoE devices, as well as providing VPN integration with a\nvariety of different VPN services.\n\nSecurity Fix(es):\n\n * systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option\nhandling (CVE-2018-15688)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting this issue.\nUpstream acknowledges Felix Wilhelm (Google) as the original reporter.\");\n\n script_tag(name:\"affected\", value:\"NetworkManager on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-adsl\", rpm:\"NetworkManager-adsl~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-bluetooth\", rpm:\"NetworkManager-bluetooth~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-config-server\", rpm:\"NetworkManager-config-server~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-dispatcher-routing-rules\", rpm:\"NetworkManager-dispatcher-routing-rules~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-glib-devel\", rpm:\"NetworkManager-glib-devel~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-libnm\", rpm:\"NetworkManager-libnm~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-libnm-devel\", rpm:\"NetworkManager-libnm-devel~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-ovs\", rpm:\"NetworkManager-ovs~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-ppp\", rpm:\"NetworkManager-ppp~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-team\", rpm:\"NetworkManager-team~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-tui\", rpm:\"NetworkManager-tui~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-wifi\", rpm:\"NetworkManager-wifi~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"NetworkManager-wwan\", rpm:\"NetworkManager-wwan~1.12.0~8.el7_6\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for NetworkManager FEDORA-2018-7243f31304", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875240", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7243f31304_NetworkManager_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for NetworkManager FEDORA-2018-7243f31304\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875240\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-08 06:36:43 +0100 (Thu, 08 Nov 2018)\");\n script_name(\"Fedora Update for NetworkManager FEDORA-2018-7243f31304\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7243f31304\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW55P34B3PEDZZ55K5Q6DY5LMXRWED2Z\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'NetworkManager'\n package(s) announced via the FEDORA-2018-7243f31304 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"NetworkManager on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~1.10.12~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-06T00:00:00", "type": "openvas", "title": "Ubuntu Update for systemd USN-3806-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3806_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for systemd USN-3806-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843804\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-06 05:59:53 +0100 (Tue, 06 Nov 2018)\");\n script_name(\"Ubuntu Update for systemd USN-3806-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3806-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3806-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the USN-3806-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\npresent on the target host.\");\n\n script_tag(name:\"insight\", value:\"Felix Wilhelm discovered that the systemd-networkd\nDHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where\nsystemd-networkd is being used, an attacker on the same network could use\nthis issue to cause systemd-networkd to crash, resulting in a denial of\nservice, or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"systemd on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"systemd\", ver:\"237-3ubuntu10.4\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"systemd\", ver:\"239-7ubuntu10.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"systemd\", ver:\"229-4ubuntu21.6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T17:51:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for systemd (openSUSE-SU-2018:3695-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310852121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852121", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852121\");\n script_version(\"2020-03-13T09:37:47+0000\");\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 09:37:47 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-10 05:59:41 +0100 (Sat, 10 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for systemd (openSUSE-SU-2018:3695-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3695-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00007.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the openSUSE-SU-2018:3695-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for systemd fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of\n systemd allowed a malicious dhcp6 server to overwrite heap memory in\n systemd-networkd. (bsc#1113632)\n\n - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an\n attacker to supply arbitrary state across systemd re-execution via\n NotifyAccess. This can be used to improperly influence systemd execution\n and possibly lead to root privilege escalation. (bsc#1113665)\n\n Non security issues fixed:\n\n - dhcp6: split assert_return() to be more debuggable when hit\n\n - core: skip unit deserialization and move to the next one when\n unit_deserialize() fails\n\n - core: properly handle deserialization of unknown unit types (#6476)\n\n - core: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\n - logind: use manager_get_user_by_pid() where appropriate\n\n - logind: rework manager_get_{usersession}_by_pid() a bit\n\n - login: fix user@.service case, so we don't allow nested sessions (#8051)\n (bsc#1112024)\n\n - core: be more defensive if we can't determine per-connection socket peer\n (#7329)\n\n - core: introduce systemd.early_core_pattern= kernel cmdline option\n\n - core: add missing 'continue' statement\n\n - core/mount: fstype may be NULL\n\n - journald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\n - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an\n 'implicit' (bsc#1110445)\n\n - mount: make sure we unmount tmpfs mounts before we deactivate swaps\n (#7076)\n\n - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)\n\n - emergency: make sure console password agents don't interfere with the\n emergency shell\n\n - man: document that 'nofail' also has an effect on ordering\n\n - journald: take leading spaces into account in syslog_parse_identifier\n\n - journal: do not remove multiple spaces after identifier in syslog message\n\n - syslog: fix segfault in syslog_parse_priority()\n\n - journal: fix syslog_parse_identifier()\n\n - install: drop left-over debug message (#6913)\n\n - Ship systemd-sysv-install helper via the main package This script was\n part of systemd-sysvinit sub-package but it was wrong since\n systemd-sysv-install is a script used to redirect enable/disable\n operations to chkconfig when the unit targets are sysv init scripts.\n Therefore it's never been a SySV init tool.\n\n - Add udev.no-partlabel-links kernel command-line option. This option can\n be used to disable the generation of the by-partlabel symlinks\n regardless of the name used. (bsc#1089761)\n\n - man: SystemMaxUse= clar ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"systemd on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0\", rpm:\"libsystemd0~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-debuginfo\", rpm:\"libsystemd0-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-mini\", rpm:\"libsystemd0-mini~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-mini-debuginfo\", rpm:\"libsystemd0-mini-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev-devel\", rpm:\"libudev-devel~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev-mini-devel\", rpm:\"libudev-mini-devel~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev-mini1\", rpm:\"libudev-mini1~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev-mini1-debuginfo\", rpm:\"libudev-mini1-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev1\", rpm:\"libudev1~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev1-debuginfo\", rpm:\"libudev1-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-myhostname\", rpm:\"nss-myhostname~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-myhostname-debuginfo\", rpm:\"nss-myhostname-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-mymachines\", rpm:\"nss-mymachines~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-mymachines-debuginfo\", rpm:\"nss-mymachines-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-systemd\", rpm:\"nss-systemd~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-systemd-debuginfo\", rpm:\"nss-systemd-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-container\", rpm:\"systemd-container~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-container-debuginfo\", rpm:\"systemd-container-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-coredump\", rpm:\"systemd-coredump~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-coredump-debuginfo\", rpm:\"systemd-coredump-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-debuginfo\", rpm:\"systemd-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-debugsource\", rpm:\"systemd-debugsource~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-logger\", rpm:\"systemd-logger~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini\", rpm:\"systemd-mini~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-container-mini\", rpm:\"systemd-mini-container-mini~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-container-mini-debuginfo\", rpm:\"systemd-mini-container-mini-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-coredump-mini\", rpm:\"systemd-mini-coredump-mini~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-coredump-mini-debuginfo\", rpm:\"systemd-mini-coredump-mini-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-debuginfo\", rpm:\"systemd-mini-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-debugsource\", rpm:\"systemd-mini-debugsource~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-devel\", rpm:\"systemd-mini-devel~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-sysvinit\", rpm:\"systemd-mini-sysvinit~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysvinit\", rpm:\"systemd-sysvinit~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"udev\", rpm:\"udev~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"udev-debuginfo\", rpm:\"udev-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"udev-mini\", rpm:\"udev-mini~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"udev-mini-debuginfo\", rpm:\"udev-mini-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-bash-completion\", rpm:\"systemd-bash-completion~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-bash-completion\", rpm:\"systemd-mini-bash-completion~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-32bit\", rpm:\"libsystemd0-32bit~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-32bit-debuginfo\", rpm:\"libsystemd0-32bit-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev-devel-32bit\", rpm:\"libudev-devel-32bit~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev1-32bit\", rpm:\"libudev1-32bit~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev1-32bit-debuginfo\", rpm:\"libudev1-32bit-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-myhostname-32bit\", rpm:\"nss-myhostname-32bit~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-myhostname-32bit-debuginfo\", rpm:\"nss-myhostname-32bit-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-mymachines-32bit\", rpm:\"nss-mymachines-32bit~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-mymachines-32bit-debuginfo\", rpm:\"nss-mymachines-32bit-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-32bit\", rpm:\"systemd-32bit~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-32bit-debuginfo\", rpm:\"systemd-32bit-debuginfo~234~lp150.20.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T17:53:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for systemd (openSUSE-SU-2018:3803-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852128", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852128\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-17 06:15:31 +0100 (Sat, 17 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for systemd (openSUSE-SU-2018:3803-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3803-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00025.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the openSUSE-SU-2018:3803-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for systemd fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of\n systemd allowed a malicious dhcp6 server to overwrite heap memory in\n systemd-networkd. (bsc#1113632)\n\n - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an\n attacker to supply arbitrary state across systemd re-execution via\n NotifyAccess. This can be used to improperly influence systemd execution\n and possibly lead to root privilege escalation. (bsc#1113665)\n\n Non-security issues fixed:\n\n - dhcp6: split assert_return() to be more debuggable when hit\n\n - core: skip unit deserialization and move to the next one when\n unit_deserialize() fails\n\n - core: properly handle deserialization of unknown unit types (#6476)\n\n - core: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\n - logind: use manager_get_user_by_pid() where appropriate\n\n - logind: rework manager_get_{usersession}_by_pid() a bit\n\n - login: fix user@.service case, so we don't allow nested sessions (#8051)\n (bsc#1112024)\n\n - core: be more defensive if we can't determine per-connection socket peer\n (#7329)\n\n - socket-util: introduce port argument in sockaddr_port()\n\n - service: fixup ExecStop for socket-activated shutdown (#4120)\n\n - service: Continue shutdown on socket activated unit on termination\n (#4108) (bsc#1106923)\n\n - cryptsetup: build fixes for 'add support for sector-size= option'\n\n - udev-rules: IMPORT cmdline does not recognize keys with similar names\n (bsc#1111278)\n\n - core: keep the kernel coredump defaults when systemd-coredump is disabled\n\n - core: shorten main() a bit, split out coredump initialization\n\n - core: set RLIMIT_CORE to unlimited by default (bsc#1108835)\n\n - core/mount: fstype may be NULL\n\n - journald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\n - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an\n 'implicit' (bsc#1110445)\n\n - mount: make sure we unmount tmpfs mounts before we deactivate swaps\n (#7076)\n\n - tmp.mount.hm4: After swap.target (#3087)\n\n - Ship systemd-sysv-install helper via the main package This script was\n part of systemd-sysvinit sub-package but it was wrong since\n systemd-sysv-install is a script used to redirect enable/disable\n operations to chkconfig when the unit targets are sysv init scripts.\n Therefore it's never been a SySV init tool.\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1423=1\");\n\n script_tag(name:\"affected\", value:\"systemd on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0\", rpm:\"libsystemd0~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-debuginfo\", rpm:\"libsystemd0-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-mini\", rpm:\"libsystemd0-mini~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-mini-debuginfo\", rpm:\"libsystemd0-mini-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev-devel\", rpm:\"libudev-devel~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev-mini-devel\", rpm:\"libudev-mini-devel~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev-mini1\", rpm:\"libudev-mini1~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev-mini1-debuginfo\", rpm:\"libudev-mini1-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev1\", rpm:\"libudev1~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev1-debuginfo\", rpm:\"libudev1-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-myhostname\", rpm:\"nss-myhostname~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-myhostname-debuginfo\", rpm:\"nss-myhostname-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-mymachines\", rpm:\"nss-mymachines~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-mymachines-debuginfo\", rpm:\"nss-mymachines-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-debuginfo\", rpm:\"systemd-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-debugsource\", rpm:\"systemd-debugsource~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-logger\", rpm:\"systemd-logger~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini\", rpm:\"systemd-mini~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-debuginfo\", rpm:\"systemd-mini-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-debugsource\", rpm:\"systemd-mini-debugsource~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-devel\", rpm:\"systemd-mini-devel~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-sysvinit\", rpm:\"systemd-mini-sysvinit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysvinit\", rpm:\"systemd-sysvinit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"udev\", rpm:\"udev~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"udev-debuginfo\", rpm:\"udev-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"udev-mini\", rpm:\"udev-mini~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"udev-mini-debuginfo\", rpm:\"udev-mini-debuginfo~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-32bit\", rpm:\"libsystemd0-32bit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsystemd0-debuginfo-32bit\", rpm:\"libsystemd0-debuginfo-32bit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev1-32bit\", rpm:\"libudev1-32bit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libudev1-debuginfo-32bit\", rpm:\"libudev1-debuginfo-32bit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-myhostname-32bit\", rpm:\"nss-myhostname-32bit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-myhostname-debuginfo-32bit\", rpm:\"nss-myhostname-debuginfo-32bit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-32bit\", rpm:\"systemd-32bit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-debuginfo-32bit\", rpm:\"systemd-debuginfo-32bit~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-bash-completion\", rpm:\"systemd-bash-completion~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-mini-bash-completion\", rpm:\"systemd-mini-bash-completion~228~62.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2018-c402eea18b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876003", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876003", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876003\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-15687\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:31:12 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for systemd FEDORA-2018-c402eea18b\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c402eea18b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZIW3U6K2IVST5QJRIY2JLSR32C732ZZR\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2018-c402eea18b advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd is a system and service manager that runs as PID 1 and starts\nthe rest of the system. It provides aggressive parallelization\ncapabilities, uses socket and D-Bus activation for starting services,\noffers on-demand starting of daemons, keeps track of processes using\nLinux control groups, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. systemd supports SysV and LSB init scripts and works as a\nreplacement for sysvinit. Other parts of this package are a logging daemon,\nutilities to control basic system configuration like the hostname,\ndate, locale, maintain a list of logged-in users and running\ncontainers and virtual machines, system accounts, runtime directories\nand settings, and daemons to manage simple network configuration,\nnetwork time synchronization, log forwarding, and name resolution.\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~239~6.git9f3aed1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:07:23", "description": "systemd was found to suffer from multiple security vulnerabilities\nranging from denial of service attacks to possible root privilege\nescalation.\n\nCVE-2018-1049\n\nA race condition exists between .mount and .automount units such\nthat automount requests from kernel may not be serviced by systemd\nresulting in kernel holding the mountpoint and any processes that\ntry to use said mount will hang. A race condition like this may\nlead to denial of service, until mount points are unmounted.\n\nCVE-2018-15686\n\nA vulnerability in unit_deserialize of systemd allows an attacker\nto supply arbitrary state across systemd re-execution via\nNotifyAccess. This can be used to improperly influence systemd\nexecution and possibly lead to root privilege escalation.\n\nCVE-2018-15688\n\nA buffer overflow vulnerability in the dhcp6 client of systemd\nallows a malicious dhcp6 server to overwrite heap memory in\nsystemd-networkd, which is not enabled by default in Debian.", "cvss3": {}, "published": "2018-11-20T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for systemd (DLA-1580-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-1049", "CVE-2018-15688"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891580", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891580", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891580\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-1049\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_name(\"Debian LTS: Security Advisory for systemd (DLA-1580-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-20 00:00:00 +0100 (Tue, 20 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"systemd on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n215-17+deb8u8.\n\nWe recommend that you upgrade your systemd packages.\");\n\n script_tag(name:\"summary\", value:\"systemd was found to suffer from multiple security vulnerabilities\nranging from denial of service attacks to possible root privilege\nescalation.\n\nCVE-2018-1049\n\nA race condition exists between .mount and .automount units such\nthat automount requests from kernel may not be serviced by systemd\nresulting in kernel holding the mountpoint and any processes that\ntry to use said mount will hang. A race condition like this may\nlead to denial of service, until mount points are unmounted.\n\nCVE-2018-15686\n\nA vulnerability in unit_deserialize of systemd allows an attacker\nto supply arbitrary state across systemd re-execution via\nNotifyAccess. This can be used to improperly influence systemd\nexecution and possibly lead to root privilege escalation.\n\nCVE-2018-15688\n\nA buffer overflow vulnerability in the dhcp6 client of systemd\nallows a malicious dhcp6 server to overwrite heap memory in\nsystemd-networkd, which is not enabled by default in Debian.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"gir1.2-gudev-1.0\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgudev-1.0-0\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgudev-1.0-dev\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpam-systemd\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd-daemon-dev\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd-daemon0\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd-dev\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd-id128-0\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd-id128-dev\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd-journal-dev\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd-journal0\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd-login-dev\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd-login0\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsystemd0\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libudev-dev\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libudev1\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python3-systemd\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"systemd\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"systemd-dbg\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"systemd-sysv\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"udev\", ver:\"215-17+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T17:41:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-01-16T00:00:00", "type": "openvas", "title": "CentOS Update for libgudev1-219-62.el7_ CESA-2019:0049 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15688"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882992", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882992", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882992\");\n script_version(\"2020-03-13T09:49:59+0000\");\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 09:49:59 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-16 04:01:18 +0100 (Wed, 16 Jan 2019)\");\n script_name(\"CentOS Update for libgudev1-219-62.el7_ CESA-2019:0049 centos7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:0049\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-January/023143.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgudev1-219-62.el7'\n package(s) announced via the CESA-2019:0049 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The systemd packages contain systemd, a system and service manager for\nLinux, compatible with the SysV and LSB init scripts. It provides\naggressive parallelism capabilities, uses socket and D-Bus activation for\nstarting services, offers on-demand starting of daemons, and keeps track of\nprocesses using Linux cgroups. In addition, it supports snapshotting and\nrestoring of the system state, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. It can also work as a drop-in replacement for sysvinit.\n\nSecurity Fix(es):\n\n * systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option\nhandling (CVE-2018-15688)\n\n * systemd: stack overflow when calling syslog from a command with long\ncmdline (CVE-2018-16864)\n\n * systemd: stack overflow when receiving many journald entries\n(CVE-2018-16865)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting\nCVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864 and\nCVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as the\noriginal reporter of CVE-2018-15688.\");\n\n script_tag(name:\"affected\", value:\"libgudev1-219-62.el7_ on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1\", rpm:\"libgudev1~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1-devel\", rpm:\"libgudev1-devel~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-journal-gateway\", rpm:\"systemd-journal-gateway~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-networkd\", rpm:\"systemd-networkd~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-python\", rpm:\"systemd-python~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-resolved\", rpm:\"systemd-resolved~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysv\", rpm:\"systemd-sysv~219~62.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:52", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1233)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15688"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191233", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1233\");\n script_version(\"2020-01-23T11:35:59+0000\");\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:35:59 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:35:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1233)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.4\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1233\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1233\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'systemd' package(s) announced via the EulerOS-SA-2019-1233 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.CVE-2018-16865\n\nIt was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.CVE-2018-15688\n\nAn allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.CVE-2018-16864\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Huawei EulerOS Virtualization 2.5.4.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.4\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1-devel\", rpm:\"libgudev1-devel~219~57.h68\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~219~57.h68\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~219~57.h68\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~219~57.h68\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-networkd\", rpm:\"systemd-networkd~219~57.h68\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-python\", rpm:\"systemd-python~219~57.h68\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-resolved\", rpm:\"systemd-resolved~219~57.h68\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysv\", rpm:\"systemd-sysv~219~57.h68\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-05T00:00:00", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2018-24bd6c9d4a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875239", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875239", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_24bd6c9d4a_systemd_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for systemd FEDORA-2018-24bd6c9d4a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875239\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-15687\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-05 06:18:32 +0100 (Mon, 05 Nov 2018)\");\n script_name(\"Fedora Update for systemd FEDORA-2018-24bd6c9d4a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-24bd6c9d4a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDWAO2SXI45GQ5PBFG3KWYVCHBVYCND4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2018-24bd6c9d4a advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"systemd on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~238~10.git438ac26.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:33:30", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1227)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15688"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191227", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1227\");\n script_version(\"2020-01-23T11:35:47+0000\");\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:35:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:35:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1227)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1227\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1227\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'systemd' package(s) announced via the EulerOS-SA-2019-1227 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.CVE-2018-16865\n\nIt was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.CVE-2018-15688\n\nAn allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.CVE-2018-16864\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Huawei EulerOS Virtualization 2.5.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1\", rpm:\"libgudev1~219~57.h66\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~219~57.h66\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~219~57.h66\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~219~57.h66\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-networkd\", rpm:\"systemd-networkd~219~57.h66\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-python\", rpm:\"systemd-python~219~57.h66\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-resolved\", rpm:\"systemd-resolved~219~57.h66\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysv\", rpm:\"systemd-sysv~219~57.h66\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:30", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1416)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15688"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191416", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1416\");\n script_version(\"2020-01-23T11:43:20+0000\");\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:43:20 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:43:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1416)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1416\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1416\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'systemd' package(s) announced via the EulerOS-SA-2019-1416 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges.(CVE-2018-16864)\n\nAn allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.(CVE-2018-16865)\n\nIt was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.(CVE-2018-15688)\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1\", rpm:\"libgudev1~219~57.h88\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~219~57.h88\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~219~57.h88\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~219~57.h88\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-networkd\", rpm:\"systemd-networkd~219~57.h88\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-python\", rpm:\"systemd-python~219~57.h88\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-resolved\", rpm:\"systemd-resolved~219~57.h88\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysv\", rpm:\"systemd-sysv~219~57.h88\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-udev-compat\", rpm:\"systemd-udev-compat~219~57.h88\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T16:51:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15688"], "modified": "2020-03-03T00:00:00", "id": "OPENVAS:1361412562311220191060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191060", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1060\");\n script_version(\"2020-03-03T09:12:51+0000\");\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-03 09:12:51 +0000 (Tue, 03 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:29:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1060)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1060\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1060\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'systemd' package(s) announced via the EulerOS-SA-2019-1060 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nsystemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\nsystemd: stack overflow when receiving many journald entries (CVE-2018-16865)\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1\", rpm:\"libgudev1~219~30.6.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1-devel\", rpm:\"libgudev1-devel~219~30.6.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~219~30.6.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~219~30.6.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~219~30.6.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-python\", rpm:\"systemd-python~219~30.6.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysv\", rpm:\"systemd-sysv~219~30.6.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T16:52:37", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16865", "CVE-2018-16864", "CVE-2019-6454", "CVE-2018-15688"], "modified": "2020-03-03T00:00:00", "id": "OPENVAS:1361412562311220191107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191107", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1107\");\n script_version(\"2020-03-03T09:12:51+0000\");\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\", \"CVE-2019-6454\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-03 09:12:51 +0000 (Tue, 03 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:31:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1107)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1107\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1107\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'systemd' package(s) announced via the EulerOS-SA-2019-1107 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nsystemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\nsystemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\nsystemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1\", rpm:\"libgudev1~219~30.6.h53\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1-devel\", rpm:\"libgudev1-devel~219~30.6.h53\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~219~30.6.h53\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~219~30.6.h53\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~219~30.6.h53\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-python\", rpm:\"systemd-python~219~30.6.h53\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysv\", rpm:\"systemd-sysv~219~30.6.h53\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:55", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1049", "CVE-2018-16865", "CVE-2018-16864", "CVE-2019-6454", "CVE-2018-15688"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191412", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1412\");\n script_version(\"2020-01-23T11:42:59+0000\");\n script_cve_id(\"CVE-2018-1049\", \"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\", \"CVE-2019-6454\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:42:59 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:42:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1412)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1412\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1412\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'systemd' package(s) announced via the EulerOS-SA-2019-1412 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.(CVE-2018-16864)\n\nAn allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.(CVE-2018-16865)\n\nAn issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).(CVE-2019-6454)\n\nA race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.(CVE-2018-1049)\n\nIt was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.(CVE-2018-15688)\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libgudev1\", rpm:\"libgudev1~219~57.h82\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~219~57.h82\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~219~57.h82\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-networkd\", rpm:\"systemd-networkd~219~57.h82\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-python\", rpm:\"systemd-python~219~57.h82\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-resolved\", rpm:\"systemd-resolved~219~57.h82\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysv\", rpm:\"systemd-sysv~219~57.h82\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2019-18b3a10c7f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15687", "CVE-2018-15688", "CVE-2018-16866"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875894", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875894", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875894\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-16865\", \"CVE-2018-16864\", \"CVE-2018-16866\", \"CVE-2018-15687\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:26:23 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for systemd FEDORA-2019-18b3a10c7f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-18b3a10c7f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2GTRZSLLKWS4R35VD34M4NR4TLVNRTBA\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2019-18b3a10c7f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd is a system and service manager that runs as PID 1 and starts\nthe rest of the system. It provides aggressive parallelization\ncapabilities, uses socket and D-Bus activation for starting services,\noffers on-demand starting of daemons, keeps track of processes using\nLinux control groups, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. systemd supports SysV and LSB init scripts and works as a\nreplacement for sysvinit. Other parts of this package are a logging daemon,\nutilities to control basic system configuration like the hostname,\ndate, locale, maintain a list of logged-in users, system accounts,\nruntime directories and settings, and daemons to manage simple network\nconfiguration, network time synchronization, log forwarding, and name\nresolution.\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~239~8.gite339eae.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-02-18T00:00:00", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2019-e0eb3d797e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15687", "CVE-2018-15688", "CVE-2018-16866"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875464", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875464\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-16865\", \"CVE-2018-16864\", \"CVE-2018-16866\", \"CVE-2018-15687\",\n \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-18 04:07:26 +0100 (Mon, 18 Feb 2019)\");\n script_name(\"Fedora Update for systemd FEDORA-2019-e0eb3d797e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e0eb3d797e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XUX2VFQ5ZOLCOLUYLW52BQYNSNQCOJKI\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'systemd' package(s) announced via the FEDORA-2019-e0eb3d797e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"affected\", value:\"systemd on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~238~11.gita76ee90.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2019-1fb1547321", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15687", "CVE-2018-15688", "CVE-2018-16866"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875785", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875785\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-16865\", \"CVE-2018-16864\", \"CVE-2018-16866\", \"CVE-2018-15687\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:20:16 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for systemd FEDORA-2019-1fb1547321\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1fb1547321\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5OLTVMFMAQMZPEOF5UNGZ7XJ2XTQSOM\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2019-1fb1547321 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd is a system and service manager that runs as PID 1 and starts\nthe rest of the system. It provides aggressive parallelization\ncapabilities, uses socket and D-Bus activation for starting services,\noffers on-demand starting of daemons, keeps track of processes using\nLinux control groups, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. systemd supports SysV and LSB init scripts and works as a\nreplacement for sysvinit. Other parts of this package are a logging daemon,\nutilities to control basic system configuration like the hostname,\ndate, locale, maintain a list of logged-in users, system accounts,\nruntime directories and settings, and daemons to manage simple network\nconfiguration, network time synchronization, log forwarding, and name\nresolution.\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~239~11.git4dc7dce.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2019-8434288a24", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15687", "CVE-2019-6454", "CVE-2018-15688", "CVE-2018-16866"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876042", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876042\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-6454\", \"CVE-2018-16865\", \"CVE-2018-16864\", \"CVE-2018-16866\", \"CVE-2018-15687\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:32:48 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for systemd FEDORA-2019-8434288a24\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-8434288a24\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2019-8434288a24 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd is a system and service manager that runs as PID 1 and starts\nthe rest of the system. It provides aggressive parallelization\ncapabilities, uses socket and D-Bus activation for starting services,\noffers on-demand starting of daemons, keeps track of processes using\nLinux control groups, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. systemd supports SysV and LSB init scripts and works as a\nreplacement for sysvinit. Other parts of this package are a logging daemon,\nutilities to control basic system configuration like the hostname,\ndate, locale, maintain a list of logged-in users, system accounts,\nruntime directories and settings, and daemons to manage simple network\nconfiguration, network time synchronization, log forwarding, and name\nresolution.\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~239~12.git8bca462.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:33:13", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9445", "CVE-2018-16865", "CVE-2018-16864", "CVE-2017-18078", "CVE-2016-7795", "CVE-2018-15688", "CVE-2019-3815"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191045", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1045\");\n script_version(\"2020-01-23T11:28:47+0000\");\n script_cve_id(\"CVE-2016-7795\", \"CVE-2017-18078\", \"CVE-2017-9445\", \"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\", \"CVE-2019-3815\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:28:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:28:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1045)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1045\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1045\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'systemd' package(s) announced via the EulerOS-SA-2019-1045 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nsystemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\nsystemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\nsystemd: Assertion failure when PID 1 receives a zero-length message over notify socket(CVE-2016-7795)\n\nsystemd: Unsafe handling of hard links allowing privilege escalation(CVE-2017-18078)\n\nsystemd: Out-of-bounds write in systemd-resolved due to allocating too small buffer in dns_packet_new(CVE-2017-9445)\n\nsystemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 (CVE-2019-3815)\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~219~57.h71.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-devel\", rpm:\"systemd-devel~219~57.h71.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-libs\", rpm:\"systemd-libs~219~57.h71.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-python\", rpm:\"systemd-python~219~57.h71.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd-sysv\", rpm:\"systemd-sysv~219~57.h71.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-03-09T00:00:00", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2019-2dab60e288", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15687", "CVE-2019-6454", "CVE-2018-15688", "CVE-2018-16866"], "modified": "2019-04-05T00:00:00", "id": "OPENVAS:1361412562310875502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875502", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875502\");\n script_version(\"2019-04-05T06:55:01+0000\");\n script_cve_id(\"CVE-2019-6454\", \"CVE-2018-16865\", \"CVE-2018-16864\", \"CVE-2018-16866\", \"CVE-2018-15687\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-05 06:55:01 +0000 (Fri, 05 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-09 04:12:52 +0100 (Sat, 09 Mar 2019)\");\n script_name(\"Fedora Update for systemd FEDORA-2019-2dab60e288\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-2dab60e288\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6G3TTXTNADCQ3KZN3HQMFELXTZBWNOP\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2019-2dab60e288 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"systemd on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~238~12.git07f8cd5.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-09-20T14:34:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-19T00:00:00", "type": "openvas", "title": "Fedora Update for systemd FEDORA-2019-8a7dfdf1f3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2019-15718", "CVE-2018-16865", "CVE-2018-16864", "CVE-2018-15687", "CVE-2019-6454", "CVE-2018-15688", "CVE-2018-16866"], "modified": "2019-09-20T00:00:00", "id": "OPENVAS:1361412562310876816", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876816", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876816\");\n script_version(\"2019-09-20T05:25:28+0000\");\n script_cve_id(\"CVE-2019-15718\", \"CVE-2019-6454\", \"CVE-2018-16865\", \"CVE-2018-16864\", \"CVE-2018-16866\", \"CVE-2018-15687\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 05:25:28 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-19 02:31:03 +0000 (Thu, 19 Sep 2019)\");\n script_name(\"Fedora Update for systemd FEDORA-2019-8a7dfdf1f3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-8a7dfdf1f3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the FEDORA-2019-8a7dfdf1f3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"systemd is a system and service manager that runs as PID 1 and starts\nthe rest of the system. It provides aggressive parallelization\ncapabilities, uses socket and D-Bus activation for starting services,\noffers on-demand starting of daemons, keeps track of processes using\nLinux control groups, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. systemd supports SysV and LSB init scripts and works as a\nreplacement for sysvinit. Other parts of this package are a logging daemon,\nutilities to control basic system configuration like the hostname,\ndate, locale, maintain a list of logged-in users, system accounts,\nruntime directories and settings, and daemons to manage simple network\nconfiguration, network time synchronization, log forwarding, and name\nresolution.\");\n\n script_tag(name:\"affected\", value:\"'systemd' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"systemd\", rpm:\"systemd~239~14.git33ccd62.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T13:44:40", "description": "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-26T14:29:00", "type": "cve", "title": "CVE-2018-15688", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2022-01-31T18:30:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:systemd_project:systemd:239", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.6"], "id": "CVE-2018-15688", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15688", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:systemd_project:systemd:239:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2022-05-31T18:12:43", "description": "Security Fix(es) :\n\n - systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-28T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : NetworkManager on SL7.x x86_64 (20181127)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-02T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:NetworkManager", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-adsl", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-bluetooth", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-config-server", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-debuginfo", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-glib", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-glib-devel", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-libnm", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-libnm-devel", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-ovs", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-ppp", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-team", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-tui", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-wifi", "p-cpe:/a:fermilab:scientific_linux:NetworkManager-wwan", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20181127_NETWORKMANAGER_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/119249", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119249);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/02\");\n\n script_cve_id(\"CVE-2018-15688\");\n\n script_name(english:\"Scientific Linux Security Update : NetworkManager on SL7.x x86_64 (20181127)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - systemd: Out-of-bounds heap write in systemd-networkd\n dhcpv6 option handling (CVE-2018-15688)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=15143\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d89b1b6c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-adsl-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-bluetooth-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"NetworkManager-config-server-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-debuginfo-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"NetworkManager-dispatcher-routing-rules-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-glib-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-glib-devel-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-libnm-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-libnm-devel-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-ovs-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-ppp-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-team-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-tui-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-wifi-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"NetworkManager-wwan-1.12.0-8.el7_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager / NetworkManager-adsl / NetworkManager-bluetooth / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T14:58:00", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has NetworkManager packages installed that are affected by a vulnerability:\n\n - It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine. (CVE-2018-15688)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : NetworkManager Vulnerability (NS-SA-2019-0049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-01T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0049_NETWORKMANAGER.NASL", "href": "https://www.tenable.com/plugins/nessus/127232", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0049. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127232);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : NetworkManager Vulnerability (NS-SA-2019-0049)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has NetworkManager packages installed that are\naffected by a vulnerability:\n\n - It was discovered that systemd-network does not\n correctly keep track of a buffer size when constructing\n DHCPv6 packets. This flaw may lead to an integer\n underflow that can be used to produce an heap-based\n buffer overflow. A malicious host on the same network\n segment as the victim's one may advertise itself as a\n DHCPv6 server and exploit this flaw to cause a Denial of\n Service or potentially gain code execution on the\n victim's machine. (CVE-2018-15688)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0049\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL NetworkManager packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"NetworkManager-1.12.0-8.el7_6\",\n \"NetworkManager-adsl-1.12.0-8.el7_6\",\n \"NetworkManager-bluetooth-1.12.0-8.el7_6\",\n \"NetworkManager-config-server-1.12.0-8.el7_6\",\n \"NetworkManager-debuginfo-1.12.0-8.el7_6\",\n \"NetworkManager-dispatcher-routing-rules-1.12.0-8.el7_6\",\n \"NetworkManager-glib-1.12.0-8.el7_6\",\n \"NetworkManager-glib-devel-1.12.0-8.el7_6\",\n \"NetworkManager-libnm-1.12.0-8.el7_6\",\n \"NetworkManager-libnm-devel-1.12.0-8.el7_6\",\n \"NetworkManager-ovs-1.12.0-8.el7_6\",\n \"NetworkManager-ppp-1.12.0-8.el7_6\",\n \"NetworkManager-team-1.12.0-8.el7_6\",\n \"NetworkManager-tui-1.12.0-8.el7_6\",\n \"NetworkManager-wifi-1.12.0-8.el7_6\",\n \"NetworkManager-wwan-1.12.0-8.el7_6\"\n ],\n \"CGSL MAIN 5.04\": [\n \"NetworkManager-1.12.0-8.el7_6\",\n \"NetworkManager-adsl-1.12.0-8.el7_6\",\n \"NetworkManager-bluetooth-1.12.0-8.el7_6\",\n \"NetworkManager-config-server-1.12.0-8.el7_6\",\n \"NetworkManager-debuginfo-1.12.0-8.el7_6\",\n \"NetworkManager-dispatcher-routing-rules-1.12.0-8.el7_6\",\n \"NetworkManager-glib-1.12.0-8.el7_6\",\n \"NetworkManager-glib-devel-1.12.0-8.el7_6\",\n \"NetworkManager-libnm-1.12.0-8.el7_6\",\n \"NetworkManager-libnm-devel-1.12.0-8.el7_6\",\n \"NetworkManager-ovs-1.12.0-8.el7_6\",\n \"NetworkManager-ppp-1.12.0-8.el7_6\",\n \"NetworkManager-team-1.12.0-8.el7_6\",\n \"NetworkManager-tui-1.12.0-8.el7_6\",\n \"NetworkManager-wifi-1.12.0-8.el7_6\",\n \"NetworkManager-wwan-1.12.0-8.el7_6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T18:14:13", "description": "dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-16T00:00:00", "type": "nessus", "title": "Fedora 27 : 1:NetworkManager (2018-fc3018b1bd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:NetworkManager", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-FC3018B1BD.NASL", "href": "https://www.tenable.com/plugins/nessus/119009", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fc3018b1bd.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119009);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-15688\");\n script_xref(name:\"FEDORA\", value:\"2018-fc3018b1bd\");\n\n script_name(english:\"Fedora 27 : 1:NetworkManager (2018-fc3018b1bd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin\n(CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc3018b1bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:NetworkManager package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"NetworkManager-1.8.8-2.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:NetworkManager\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T18:12:58", "description": "Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-06T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerability (USN-3806-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:systemd", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3806-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118750", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3806-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118750);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/02\");\n\n script_cve_id(\"CVE-2018-15688\");\n script_xref(name:\"USN\", value:\"3806-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerability (USN-3806-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Felix Wilhelm discovered that the systemd-networkd DHCPv6 client\nincorrectly handled certain DHCPv6 messages. In configurations where\nsystemd-networkd is being used, an attacker on the same network could\nuse this issue to cause systemd-networkd to crash, resulting in a\ndenial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3806-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected systemd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2022 Canonical, Inc. / NASL script (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"systemd\", pkgver:\"229-4ubuntu21.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"systemd\", pkgver:\"237-3ubuntu10.4\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"systemd\", pkgver:\"239-7ubuntu10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T14:25:10", "description": "- ifcfg: fix crash parsing DNS entries (rh #1607866)\n\n - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : 1:NetworkManager (2018-7243f31304)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:NetworkManager", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-7243F31304.NASL", "href": "https://www.tenable.com/plugins/nessus/120527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7243f31304.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120527);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-15688\");\n script_xref(name:\"FEDORA\", value:\"2018-7243f31304\");\n\n script_name(english:\"Fedora 28 : 1:NetworkManager (2018-7243f31304)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - ifcfg: fix crash parsing DNS entries (rh #1607866)\n\n - dhcp: fix out-of-bounds heap write for DHCPv6 with\n internal plugin (CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7243f31304\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:NetworkManager package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"NetworkManager-1.10.12-2.fc28\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:NetworkManager\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T14:24:20", "description": "It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.(CVE-2018-15688)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-10T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : NetworkManager (ALAS-2019-1144)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:NetworkManager", "p-cpe:/a:amazon:linux:NetworkManager-adsl", "p-cpe:/a:amazon:linux:NetworkManager-bluetooth", "p-cpe:/a:amazon:linux:NetworkManager-config-server", "p-cpe:/a:amazon:linux:NetworkManager-debuginfo", "p-cpe:/a:amazon:linux:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:amazon:linux:NetworkManager-glib", "p-cpe:/a:amazon:linux:NetworkManager-glib-devel", "p-cpe:/a:amazon:linux:NetworkManager-libnm", "p-cpe:/a:amazon:linux:NetworkManager-libnm-devel", "p-cpe:/a:amazon:linux:NetworkManager-ppp", "p-cpe:/a:amazon:linux:NetworkManager-team", "p-cpe:/a:amazon:linux:NetworkManager-tui", "p-cpe:/a:amazon:linux:NetworkManager-wifi", "p-cpe:/a:amazon:linux:NetworkManager-wwan", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1144.NASL", "href": "https://www.tenable.com/plugins/nessus/121053", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1144.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121053);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/02\");\n\n script_cve_id(\"CVE-2018-15688\");\n script_xref(name:\"ALAS\", value:\"2019-1144\");\n\n script_name(english:\"Amazon Linux 2 : NetworkManager (ALAS-2019-1144)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that systemd-network does not correctly keep track\nof a buffer size when constructing DHCPv6 packets. This flaw may lead\nto an integer underflow that can be used to produce an heap-based\nbuffer overflow. A malicious host on the same network segment as the\nvictim's one may advertise itself as a DHCPv6 server and exploit this\nflaw to cause a Denial of Service or potentially gain code execution\non the victim's machine.(CVE-2018-15688)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1144.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update NetworkManager' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-adsl-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-bluetooth-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-config-server-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-debuginfo-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-dispatcher-routing-rules-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-glib-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-glib-devel-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-libnm-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-libnm-devel-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-ppp-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-team-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-tui-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-wifi-1.12.0-8.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"NetworkManager-wwan-1.12.0-8.amzn2.0.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager / NetworkManager-adsl / NetworkManager-bluetooth / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T14:28:28", "description": "An update of the systemd package has been released.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Systemd PHSA-2018-1.0-0193", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:systemd", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0193_SYSTEMD.NASL", "href": "https://www.tenable.com/plugins/nessus/121894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0193. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121894);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\");\n\n script_name(english:\"Photon OS 1.0: Systemd PHSA-2018-1.0-0193\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the systemd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-193.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"systemd-228-48.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"systemd-debuginfo-228-48.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T14:28:52", "description": "An update of the systemd package has been released.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Systemd PHSA-2018-2.0-0107", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:systemd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0107_SYSTEMD.NASL", "href": "https://www.tenable.com/plugins/nessus/122002", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0107. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122002);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\");\n\n script_name(english:\"Photon OS 2.0: Systemd PHSA-2018-2.0-0107\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the systemd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-107.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"systemd-233-16.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"systemd-devel-233-16.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"systemd-lang-233-16.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T18:13:46", "description": "Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-06T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : network-manager vulnerability (USN-3807-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:network-manager", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3807-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3807-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118751);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/02\");\n\n script_cve_id(\"CVE-2018-15688\");\n script_xref(name:\"USN\", value:\"3807-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : network-manager vulnerability (USN-3807-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Felix Wilhelm discovered that the NetworkManager internal DHCPv6\nclient incorrectly handled certain DHCPv6 messages. In non-default\nconfigurations where the internal DHCP client is enabled, an attacker\non the same network could use this issue to cause NetworkManager to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3807-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected network-manager package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:network-manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2022 Canonical, Inc. / NASL script (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"network-manager\", pkgver:\"1.2.6-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"network-manager\", pkgver:\"1.10.6-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"network-manager\", pkgver:\"1.12.4-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"network-manager\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T14:32:15", "description": "According to the version of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : NetworkManager (EulerOS-SA-2019-1322)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:NetworkManager", "p-cpe:/a:huawei:euleros:NetworkManager-adsl", "p-cpe:/a:huawei:euleros:NetworkManager-bluetooth", "p-cpe:/a:huawei:euleros:NetworkManager-glib", "p-cpe:/a:huawei:euleros:NetworkManager-libnm", "p-cpe:/a:huawei:euleros:NetworkManager-team", "p-cpe:/a:huawei:euleros:NetworkManager-tui", "p-cpe:/a:huawei:euleros:NetworkManager-wifi", "p-cpe:/a:huawei:euleros:NetworkManager-wwan", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1322.NASL", "href": "https://www.tenable.com/plugins/nessus/124449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124449);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\");\n\n script_name(english:\"EulerOS 2.0 SP3 : NetworkManager (EulerOS-SA-2019-1322)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the NetworkManager packages installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerability :\n\n - Out-of-bounds heap write in systemd-networkd dhcpv6\n option handling (CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1322\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa2d48dd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected NetworkManager package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"NetworkManager-1.10.2-16.h8\",\n \"NetworkManager-adsl-1.10.2-16.h8\",\n \"NetworkManager-bluetooth-1.10.2-16.h8\",\n \"NetworkManager-glib-1.10.2-16.h8\",\n \"NetworkManager-libnm-1.10.2-16.h8\",\n \"NetworkManager-team-1.10.2-16.h8\",\n \"NetworkManager-tui-1.10.2-16.h8\",\n \"NetworkManager-wifi-1.10.2-16.h8\",\n \"NetworkManager-wwan-1.10.2-16.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T14:24:21", "description": "dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : 1:NetworkManager (2018-71d85bc8cd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:NetworkManager", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-71D85BC8CD.NASL", "href": "https://www.tenable.com/plugins/nessus/120524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-71d85bc8cd.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120524);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-15688\");\n script_xref(name:\"FEDORA\", value:\"2018-71d85bc8cd\");\n\n script_name(english:\"Fedora 29 : 1:NetworkManager (2018-71d85bc8cd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin\n(CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-71d85bc8cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:NetworkManager package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"NetworkManager-1.12.4-2.fc29\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:NetworkManager\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T18:14:10", "description": "An update for NetworkManager is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "RHEL 7 : NetworkManager (RHSA-2018:3665)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:NetworkManager", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-adsl", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-bluetooth", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-config-server", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-debuginfo", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-glib", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-glib-devel", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-libnm", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-libnm-devel", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-ovs", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-ppp", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-team", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-tui", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-wifi", "p-cpe:/a:redhat:enterprise_linux:NetworkManager-wwan", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2018-3665.NASL", "href": "https://www.tenable.com/plugins/nessus/119172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3665. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119172);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\");\n script_xref(name:\"RHSA\", value:\"2018:3665\");\n\n script_name(english:\"RHEL 7 : NetworkManager (RHSA-2018:3665)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for NetworkManager is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetworkManager is a system network service that manages network\ndevices and connections, attempting to keep active network\nconnectivity when available. Its capabilities include managing\nEthernet, wireless, mobile broadband (WWAN), and PPPoE devices, as\nwell as providing VPN integration with a variety of different VPN\nservices.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option\nhandling (CVE-2018-15688)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting this\nissue. Upstream acknowledges Felix Wilhelm (Google) as the original\nreporter.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:3665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-15688\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3665\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"NetworkManager-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"NetworkManager-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"NetworkManager-adsl-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"NetworkManager-adsl-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"NetworkManager-bluetooth-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"NetworkManager-bluetooth-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"NetworkManager-config-server-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"NetworkManager-debuginfo-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"NetworkManager-dispatcher-routing-rules-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"NetworkManager-glib-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"NetworkManager-glib-devel-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"NetworkManager-libnm-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"NetworkManager-libnm-devel-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"NetworkManager-ovs-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"NetworkManager-ovs-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"NetworkManager-ppp-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"NetworkManager-ppp-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"NetworkManager-team-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"NetworkManager-team-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"NetworkManager-tui-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"NetworkManager-tui-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"NetworkManager-wifi-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"NetworkManager-wifi-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"NetworkManager-wwan-1.12.0-8.el7_6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"NetworkManager-wwan-1.12.0-8.el7_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager / NetworkManager-adsl / NetworkManager-bluetooth / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T18:13:18", "description": "From Red Hat Security Advisory 2018:3665 :\n\nAn update for NetworkManager is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-28T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : NetworkManager (ELSA-2018-3665)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:NetworkManager", "p-cpe:/a:oracle:linux:NetworkManager-adsl", "p-cpe:/a:oracle:linux:NetworkManager-bluetooth", "p-cpe:/a:oracle:linux:NetworkManager-config-server", "p-cpe:/a:oracle:linux:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:oracle:linux:NetworkManager-glib", "p-cpe:/a:oracle:linux:NetworkManager-glib-devel", "p-cpe:/a:oracle:linux:NetworkManager-libnm", "p-cpe:/a:oracle:linux:NetworkManager-libnm-devel", "p-cpe:/a:oracle:linux:NetworkManager-ovs", "p-cpe:/a:oracle:linux:NetworkManager-ppp", "p-cpe:/a:oracle:linux:NetworkManager-team", "p-cpe:/a:oracle:linux:NetworkManager-tui", "p-cpe:/a:oracle:linux:NetworkManager-wifi", "p-cpe:/a:oracle:linux:NetworkManager-wwan", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-3665.NASL", "href": "https://www.tenable.com/plugins/nessus/119248", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:3665 and \n# Oracle Linux Security Advisory ELSA-2018-3665 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119248);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\");\n script_xref(name:\"RHSA\", value:\"2018:3665\");\n\n script_name(english:\"Oracle Linux 7 : NetworkManager (ELSA-2018-3665)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2018:3665 :\n\nAn update for NetworkManager is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetworkManager is a system network service that manages network\ndevices and connections, attempting to keep active network\nconnectivity when available. Its capabilities include managing\nEthernet, wireless, mobile broadband (WWAN), and PPPoE devices, as\nwell as providing VPN integration with a variety of different VPN\nservices.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option\nhandling (CVE-2018-15688)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting this\nissue. Upstream acknowledges Felix Wilhelm (Google) as the original\nreporter.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2018-November/008287.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected networkmanager packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-adsl-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-bluetooth-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-config-server-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-dispatcher-routing-rules-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-glib-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-glib-devel-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-libnm-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-libnm-devel-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-ovs-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-ppp-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-team-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-tui-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-wifi-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"NetworkManager-wwan-1.12.0-8.el7_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager / NetworkManager-adsl / NetworkManager-bluetooth / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T14:31:53", "description": "According to the version of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : NetworkManager (EulerOS-SA-2019-1119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:NetworkManager", "p-cpe:/a:huawei:euleros:NetworkManager-adsl", "p-cpe:/a:huawei:euleros:NetworkManager-bluetooth", "p-cpe:/a:huawei:euleros:NetworkManager-config-server", "p-cpe:/a:huawei:euleros:NetworkManager-glib", "p-cpe:/a:huawei:euleros:NetworkManager-libnm", "p-cpe:/a:huawei:euleros:NetworkManager-team", "p-cpe:/a:huawei:euleros:NetworkManager-tui", "p-cpe:/a:huawei:euleros:NetworkManager-wifi", "p-cpe:/a:huawei:euleros:NetworkManager-wwan", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1119.NASL", "href": "https://www.tenable.com/plugins/nessus/123593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123593);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\");\n\n script_name(english:\"EulerOS 2.0 SP2 : NetworkManager (EulerOS-SA-2019-1119)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the NetworkManager packages installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerability :\n\n - systemd: Out-of-bounds heap write in systemd-networkd\n dhcpv6 option handling (CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1119\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c42e43b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected NetworkManager package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"NetworkManager-1.10.2-16.h7\",\n \"NetworkManager-adsl-1.10.2-16.h7\",\n \"NetworkManager-bluetooth-1.10.2-16.h7\",\n \"NetworkManager-config-server-1.10.2-16.h7\",\n \"NetworkManager-glib-1.10.2-16.h7\",\n \"NetworkManager-libnm-1.10.2-16.h7\",\n \"NetworkManager-team-1.10.2-16.h7\",\n \"NetworkManager-tui-1.10.2-16.h7\",\n \"NetworkManager-wifi-1.10.2-16.h7\",\n \"NetworkManager-wwan-1.10.2-16.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-31T18:16:12", "description": "An update for NetworkManager is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-14T00:00:00", "type": "nessus", "title": "CentOS 7 : NetworkManager (CESA-2018:3665)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:centos:centos:NetworkManager", "p-cpe:/a:centos:centos:NetworkManager-adsl", "p-cpe:/a:centos:centos:NetworkManager-bluetooth", "p-cpe:/a:centos:centos:NetworkManager-config-server", "p-cpe:/a:centos:centos:NetworkManager-dispatcher-routing-rules", "p-cpe:/a:centos:centos:NetworkManager-glib", "p-cpe:/a:centos:centos:NetworkManager-glib-devel", "p-cpe:/a:centos:centos:NetworkManager-libnm", "p-cpe:/a:centos:centos:NetworkManager-libnm-devel", "p-cpe:/a:centos:centos:NetworkManager-ovs", "p-cpe:/a:centos:centos:NetworkManager-ppp", "p-cpe:/a:centos:centos:NetworkManager-team", "p-cpe:/a:centos:centos:NetworkManager-tui", "p-cpe:/a:centos:centos:NetworkManager-wifi", "p-cpe:/a:centos:centos:NetworkManager-wwan", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-3665.NASL", "href": "https://www.tenable.com/plugins/nessus/119664", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3665 and \n# CentOS Errata and Security Advisory 2018:3665 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119664);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\");\n script_xref(name:\"RHSA\", value:\"2018:3665\");\n\n script_name(english:\"CentOS 7 : NetworkManager (CESA-2018:3665)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for NetworkManager is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetworkManager is a system network service that manages network\ndevices and connections, attempting to keep active network\nconnectivity when available. Its capabilities include managing\nEthernet, wireless, mobile broadband (WWAN), and PPPoE devices, as\nwell as providing VPN integration with a variety of different VPN\nservices.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option\nhandling (CVE-2018-15688)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting this\nissue. Upstream acknowledges Felix Wilhelm (Google) as the original\nreporter.\");\n # https://lists.centos.org/pipermail/centos-announce/2018-December/023116.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aefa21a1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected networkmanager packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-adsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-bluetooth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-config-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-dispatcher-routing-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-libnm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-libnm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-team\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-wifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:NetworkManager-wwan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-adsl-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-bluetooth-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-config-server-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-dispatcher-routing-rules-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-glib-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-glib-devel-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-libnm-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-libnm-devel-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-ovs-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-ppp-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-team-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-tui-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-wifi-1.12.0-8.el7_6\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"NetworkManager-wwan-1.12.0-8.el7_6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NetworkManager / NetworkManager-adsl / NetworkManager-bluetooth / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:20", "description": "This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd.\n (bsc#1113632)\n\n - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.\n (bsc#1113665)\n\nNon-security issues fixed :\n\n - dhcp6: split assert_return() to be more debuggable when hit\n\n - core: skip unit deserialization and move to the next one when unit_deserialize() fails\n\n - core: properly handle deserialization of unknown unit types (#6476)\n\n - core: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\n - logind: use manager_get_user_by_pid() where appropriate\n\n - logind: rework manager_get_(user|session)_by_pid() a bit\n\n - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)\n\n - core: be more defensive if we can't determine per-connection socket peer (#7329)\n\n - socket-util: introduce port argument in sockaddr_port()\n\n - service: fixup ExecStop for socket-activated shutdown (#4120)\n\n - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923)\n\n - cryptsetup: build fixes for 'add support for sector-size= option'\n\n - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278)\n\n - core: keep the kernel coredump defaults when systemd-coredump is disabled\n\n - core: shorten main() a bit, split out coredump initialization\n\n - core: set RLIMIT_CORE to unlimited by default (bsc#1108835)\n\n - core/mount: fstype may be NULL\n\n - journald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\n - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)\n\n - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)\n\n - tmp.mount.hm4: After swap.target (#3087)\n\n - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : systemd (openSUSE-2018-1423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsystemd0", "p-cpe:/a:novell:opensuse:libsystemd0-32bit", "p-cpe:/a:novell:opensuse:libsystemd0-debuginfo", "p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsystemd0-mini", "p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo", "p-cpe:/a:novell:opensuse:libudev-devel", "p-cpe:/a:novell:opensuse:libudev-mini-devel", "p-cpe:/a:novell:opensuse:libudev-mini1", "p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo", "p-cpe:/a:novell:opensuse:libudev1", "p-cpe:/a:novell:opensuse:libudev1-32bit", "p-cpe:/a:novell:opensuse:libudev1-debuginfo", "p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:nss-myhostname", "p-cpe:/a:novell:opensuse:nss-myhostname-32bit", "p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo", "p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit", "p-cpe:/a:novell:opensuse:nss-mymachines", "p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo", "p-cpe:/a:novell:opensuse:systemd", "p-cpe:/a:novell:opensuse:systemd-32bit", "p-cpe:/a:novell:opensuse:systemd-bash-completion", "p-cpe:/a:novell:opensuse:systemd-debuginfo", "p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit", "p-cpe:/a:novell:opensuse:systemd-debugsource", "p-cpe:/a:novell:opensuse:systemd-devel", "p-cpe:/a:novell:opensuse:systemd-logger", "p-cpe:/a:novell:opensuse:systemd-mini", "p-cpe:/a:novell:opensuse:systemd-mini-bash-completion", "p-cpe:/a:novell:opensuse:systemd-mini-debuginfo", "p-cpe:/a:novell:opensuse:systemd-mini-debugsource", "p-cpe:/a:novell:opensuse:systemd-mini-devel", "p-cpe:/a:novell:opensuse:systemd-mini-sysvinit", "p-cpe:/a:novell:opensuse:systemd-sysvinit", "p-cpe:/a:novell:opensuse:udev", "p-cpe:/a:novell:opensuse:udev-debuginfo", "p-cpe:/a:novell:opensuse:udev-mini", "p-cpe:/a:novell:opensuse:udev-mini-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1423.NASL", "href": "https://www.tenable.com/plugins/nessus/119028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1423.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119028);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15688\");\n\n script_name(english:\"openSUSE Security Update : systemd (openSUSE-2018-1423)\");\n script_summary(english:\"Check for the openSUSE-2018-1423 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-15688: A buffer overflow vulnerability in the\n dhcp6 client of systemd allowed a malicious dhcp6 server\n to overwrite heap memory in systemd-networkd.\n (bsc#1113632)\n\n - CVE-2018-15686: A vulnerability in unit_deserialize of\n systemd allows an attacker to supply arbitrary state\n across systemd re-execution via NotifyAccess. This can\n be used to improperly influence systemd execution and\n possibly lead to root privilege escalation.\n (bsc#1113665)\n\nNon-security issues fixed :\n\n - dhcp6: split assert_return() to be more debuggable when\n hit\n\n - core: skip unit deserialization and move to the next one\n when unit_deserialize() fails\n\n - core: properly handle deserialization of unknown unit\n types (#6476)\n\n - core: don't create Requires for workdir if 'missing ok'\n (bsc#1113083)\n\n - logind: use manager_get_user_by_pid() where appropriate\n\n - logind: rework manager_get_(user|session)_by_pid() a bit\n\n - login: fix user@.service case, so we don't allow nested\n sessions (#8051) (bsc#1112024)\n\n - core: be more defensive if we can't determine\n per-connection socket peer (#7329)\n\n - socket-util: introduce port argument in sockaddr_port()\n\n - service: fixup ExecStop for socket-activated shutdown\n (#4120)\n\n - service: Continue shutdown on socket activated unit on\n termination (#4108) (bsc#1106923)\n\n - cryptsetup: build fixes for 'add support for\n sector-size= option'\n\n - udev-rules: IMPORT cmdline does not recognize keys with\n similar names (bsc#1111278)\n\n - core: keep the kernel coredump defaults when\n systemd-coredump is disabled\n\n - core: shorten main() a bit, split out coredump\n initialization\n\n - core: set RLIMIT_CORE to unlimited by default\n (bsc#1108835)\n\n - core/mount: fstype may be NULL\n\n - journald: don't ship systemd-journald-audit.socket\n (bsc#1109252)\n\n - core: make 'tmpfs' dependencies on swapfs a 'default'\n dep, not an 'implicit' (bsc#1110445)\n\n - mount: make sure we unmount tmpfs mounts before we\n deactivate swaps (#7076)\n\n - tmp.mount.hm4: After swap.target (#3087)\n\n - Ship systemd-sysv-install helper via the main package\n This script was part of systemd-sysvinit sub-package but\n it was wrong since systemd-sysv-install is a script used\n to redirect enable/disable operations to chkconfig when\n the unit targets are sysv init scripts. Therefore it's\n never been a SySV init tool.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113665\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-mini1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsystemd0-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsystemd0-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsystemd0-mini-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsystemd0-mini-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libudev-devel-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libudev-mini-devel-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libudev-mini1-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libudev-mini1-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libudev1-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libudev1-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nss-myhostname-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nss-myhostname-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nss-mymachines-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nss-mymachines-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-bash-completion-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-debugsource-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-devel-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-logger-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-mini-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-mini-bash-completion-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-mini-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-mini-debugsource-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-mini-devel-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-mini-sysvinit-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"systemd-sysvinit-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"udev-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"udev-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"udev-mini-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"udev-mini-debuginfo-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsystemd0-debuginfo-32bit-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libudev1-32bit-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libudev1-debuginfo-32bit-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"nss-myhostname-32bit-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"nss-myhostname-debuginfo-32bit-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"systemd-32bit-228-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"systemd-debuginfo-32bit-228-62.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsystemd0-mini / libsystemd0-mini-debuginfo / libudev-mini-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-01T16:46:16", "description": "This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)\n\nCVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.\n(bsc#1113665)\n\nNon-security issues fixed: dhcp6: split assert_return() to be more debuggable when hit\n\ncore: skip unit deserialization and move to the next one when unit_deserialize() fails\n\ncore: properly handle deserialization of unknown unit types (#6476)\n\ncore: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\nlogind: use manager_get_user_by_pid() where appropriate\n\nlogind: rework manager_get_{user|session}_by_pid() a bit\n\nlogin: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)\n\ncore: be more defensive if we can't determine per-connection socket peer (#7329)\n\nsocket-util: introduce port argument in sockaddr_port()\n\nservice: fixup ExecStop for socket-activated shutdown (#4120)\n\nservice: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923)\n\ncryptsetup: build fixes for 'add support for sector-size= option'\n\nudev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278)\n\ncore: keep the kernel coredump defaults when systemd-coredump is disabled\n\ncore: shorten main() a bit, split out coredump initialization\n\ncore: set RLIMIT_CORE to unlimited by default (bsc#1108835)\n\ncore/mount: fstype may be NULL\n\njournald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\ncore: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)\n\nmount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)\n\ntmp.mount.hm4: After swap.target (#3087)\n\nShip systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts.\nTherefore it's never been a SySV init tool.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2022-05-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libsystemd0", "p-cpe:/a:novell:suse_linux:libsystemd0-32bit", "p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo", "p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo-32bit", "p-cpe:/a:novell:suse_linux:libudev1", "p-cpe:/a:novell:suse_linux:libudev1-32bit", "p-cpe:/a:novell:suse_linux:libudev1-debuginfo", "p-cpe:/a:novell:suse_linux:libudev1-debuginfo-32bit", "p-cpe:/a:novell:suse_linux:systemd", "p-cpe:/a:novell:suse_linux:systemd-32bit", "p-cpe:/a:novell:suse_linux:systemd-debuginfo", "p-cpe:/a:novell:suse_linux:systemd-debuginfo-32bit", "p-cpe:/a:novell:suse_linux:systemd-debugsource", "p-cpe:/a:novell:suse_linux:systemd-sysvinit", "p-cpe:/a:novell:suse_linux:udev", "p-cpe:/a:novell:suse_linux:udev-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3767-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118965", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3767-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118965);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/31\");\n\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15688\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of\nsystemd allowed a malicious dhcp6 server to overwrite heap memory in\nsystemd-networkd. (bsc#1113632)\n\nCVE-2018-15686: A vulnerability in unit_deserialize of systemd allows\nan attacker to supply arbitrary state across systemd re-execution via\nNotifyAccess. This can be used to improperly influence systemd\nexecution and possibly lead to root privilege escalation.\n(bsc#1113665)\n\nNon-security issues fixed: dhcp6: split assert_return() to be more\ndebuggable when hit\n\ncore: skip unit deserialization and move to the next one when\nunit_deserialize() fails\n\ncore: properly handle deserialization of unknown unit types (#6476)\n\ncore: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\nlogind: use manager_get_user_by_pid() where appropriate\n\nlogind: rework manager_get_{user|session}_by_pid() a bit\n\nlogin: fix user@.service case, so we don't allow nested sessions\n(#8051) (bsc#1112024)\n\ncore: be more defensive if we can't determine per-connection socket\npeer (#7329)\n\nsocket-util: introduce port argument in sockaddr_port()\n\nservice: fixup ExecStop for socket-activated shutdown (#4120)\n\nservice: Continue shutdown on socket activated unit on termination\n(#4108) (bsc#1106923)\n\ncryptsetup: build fixes for 'add support for sector-size= option'\n\nudev-rules: IMPORT cmdline does not recognize keys with similar names\n(bsc#1111278)\n\ncore: keep the kernel coredump defaults when systemd-coredump is\ndisabled\n\ncore: shorten main() a bit, split out coredump initialization\n\ncore: set RLIMIT_CORE to unlimited by default (bsc#1108835)\n\ncore/mount: fstype may be NULL\n\njournald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\ncore: make 'tmpfs' dependencies on swapfs a 'default' dep, not an\n'implicit' (bsc#1110445)\n\nmount: make sure we unmount tmpfs mounts before we deactivate swaps\n(#7076)\n\ntmp.mount.hm4: After swap.target (#3087)\n\nShip systemd-sysv-install helper via the main package This script was\npart of systemd-sysvinit sub-package but it was wrong since\nsystemd-sysv-install is a script used to redirect enable/disable\noperations to chkconfig when the unit targets are sysv init scripts.\nTherefore it's never been a SySV init tool.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15686/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15688/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183767-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e736a246\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-2659=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2659=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-2659=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2659=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-2659=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-2659=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2659=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-2659=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2659=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15686\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:udev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsystemd0-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsystemd0-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsystemd0-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsystemd0-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libudev1-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libudev1-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libudev1-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libudev1-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"systemd-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"systemd-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"systemd-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"systemd-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"systemd-debugsource-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"systemd-sysvinit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"udev-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"udev-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsystemd0-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsystemd0-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsystemd0-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsystemd0-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libudev1-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libudev1-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libudev1-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libudev1-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"systemd-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"systemd-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"systemd-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"systemd-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"systemd-debugsource-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"systemd-sysvinit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"udev-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"udev-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsystemd0-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsystemd0-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsystemd0-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libudev1-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libudev1-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libudev1-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libudev1-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"systemd-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"systemd-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"systemd-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"systemd-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"systemd-debugsource-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"systemd-sysvinit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"udev-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"udev-debuginfo-228-150.53.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:30:24", "description": "This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd.\n (bsc#1113632)\n\n - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.\n (bsc#1113665)\n\nNon security issues fixed :\n\n - dhcp6: split assert_return() to be more debuggable when hit\n\n - core: skip unit deserialization and move to the next one when unit_deserialize() fails\n\n - core: properly handle deserialization of unknown unit types (#6476)\n\n - core: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\n - logind: use manager_get_user_by_pid() where appropriate\n\n - logind: rework manager_get_{user|session}_by_pid() a bit\n\n - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)\n\n - core: be more defensive if we can't determine per-connection socket peer (#7329)\n\n - core: introduce systemd.early_core_pattern= kernel cmdline option\n\n - core: add missing 'continue' statement\n\n - core/mount: fstype may be NULL\n\n - journald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\n - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)\n\n - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)\n\n - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)\n\n - emergency: make sure console password agents don't interfere with the emergency shell\n\n - man: document that 'nofail' also has an effect on ordering\n\n - journald: take leading spaces into account in syslog_parse_identifier\n\n - journal: do not remove multiple spaces after identifier in syslog message\n\n - syslog: fix segfault in syslog_parse_priority()\n\n - journal: fix syslog_parse_identifier()\n\n - install: drop left-over debug message (#6913)\n\n - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool.\n\n - Add udev.no-partlabel-links kernel command-line option.\n This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used.\n (bsc#1089761)\n\n - man: SystemMaxUse= clarification in journald.conf(5).\n (bsc#1101040)\n\n - systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)\n\n - core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)\n\n - Enable or disable machines.target according to the presets (bsc#1107941)\n\n - cryptsetup: add support for sector-size= option (fate#325697)\n\n - nspawn: always use permission mode 555 for /sys (bsc#1107640)\n\n - Bugfix for a race condition between daemon-reload and other commands (bsc#1105031)\n\n - Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677)\n\n - Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901)\n\n - Does no longer adjust qgroups on existing subvolumes (bsc#1093753)\n\n - cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : systemd (openSUSE-2018-1382)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsystemd0", "p-cpe:/a:novell:opensuse:libsystemd0-32bit", "p-cpe:/a:novell:opensuse:libsystemd0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsystemd0-debuginfo", "p-cpe:/a:novell:opensuse:libsystemd0-mini", "p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo", "p-cpe:/a:novell:opensuse:libudev-devel", "p-cpe:/a:novell:opensuse:libudev-devel-32bit", "p-cpe:/a:novell:opensuse:libudev-mini-devel", "p-cpe:/a:novell:opensuse:libudev-mini1", "p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo", "p-cpe:/a:novell:opensuse:libudev1", "p-cpe:/a:novell:opensuse:libudev1-32bit", "p-cpe:/a:novell:opensuse:libudev1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libudev1-debuginfo", "p-cpe:/a:novell:opensuse:nss-myhostname", "p-cpe:/a:novell:opensuse:nss-myhostname-32bit", "p-cpe:/a:novell:opensuse:nss-myhostname-32bit-debuginfo", "p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo", "p-cpe:/a:novell:opensuse:nss-mymachines", "p-cpe:/a:novell:opensuse:nss-mymachines-32bit", "p-cpe:/a:novell:opensuse:nss-mymachines-32bit-debuginfo", "p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo", "p-cpe:/a:novell:opensuse:nss-systemd", "p-cpe:/a:novell:opensuse:nss-systemd-debuginfo", "p-cpe:/a:novell:opensuse:systemd", "p-cpe:/a:novell:opensuse:systemd-32bit", "p-cpe:/a:novell:opensuse:systemd-32bit-debuginfo", "p-cpe:/a:novell:opensuse:systemd-bash-completion", "p-cpe:/a:novell:opensuse:systemd-container", "p-cpe:/a:novell:opensuse:systemd-container-debuginfo", "p-cpe:/a:novell:opensuse:systemd-coredump", "p-cpe:/a:novell:opensuse:systemd-coredump-debuginfo", "p-cpe:/a:novell:opensuse:systemd-debuginfo", "p-cpe:/a:novell:opensuse:systemd-debugsource", "p-cpe:/a:novell:opensuse:systemd-devel", "p-cpe:/a:novell:opensuse:systemd-logger", "p-cpe:/a:novell:opensuse:systemd-mini", "p-cpe:/a:novell:opensuse:systemd-mini-bash-completion", "p-cpe:/a:novell:opensuse:systemd-mini-container-mini", "p-cpe:/a:novell:opensuse:systemd-mini-container-mini-debuginfo", "p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini", "p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini-debuginfo", "p-cpe:/a:novell:opensuse:systemd-mini-debuginfo", "p-cpe:/a:novell:opensuse:systemd-mini-debugsource", "p-cpe:/a:novell:opensuse:systemd-mini-devel", "p-cpe:/a:novell:opensuse:systemd-mini-sysvinit", "p-cpe:/a:novell:opensuse:systemd-sysvinit", "p-cpe:/a:novell:opensuse:udev", "p-cpe:/a:novell:opensuse:udev-debuginfo", "p-cpe:/a:novell:opensuse:udev-mini", "p-cpe:/a:novell:opensuse:udev-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1382.NASL", "href": "https://www.tenable.com/plugins/nessus/118878", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1382.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118878);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15688\");\n\n script_name(english:\"openSUSE Security Update : systemd (openSUSE-2018-1382)\");\n script_summary(english:\"Check for the openSUSE-2018-1382 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-15688: A buffer overflow vulnerability in the\n dhcp6 client of systemd allowed a malicious dhcp6 server\n to overwrite heap memory in systemd-networkd.\n (bsc#1113632)\n\n - CVE-2018-15686: A vulnerability in unit_deserialize of\n systemd allows an attacker to supply arbitrary state\n across systemd re-execution via NotifyAccess. This can\n be used to improperly influence systemd execution and\n possibly lead to root privilege escalation.\n (bsc#1113665)\n\nNon security issues fixed :\n\n - dhcp6: split assert_return() to be more debuggable when\n hit\n\n - core: skip unit deserialization and move to the next one\n when unit_deserialize() fails\n\n - core: properly handle deserialization of unknown unit\n types (#6476)\n\n - core: don't create Requires for workdir if 'missing ok'\n (bsc#1113083)\n\n - logind: use manager_get_user_by_pid() where appropriate\n\n - logind: rework manager_get_{user|session}_by_pid() a bit\n\n - login: fix user@.service case, so we don't allow nested\n sessions (#8051) (bsc#1112024)\n\n - core: be more defensive if we can't determine\n per-connection socket peer (#7329)\n\n - core: introduce systemd.early_core_pattern= kernel\n cmdline option\n\n - core: add missing 'continue' statement\n\n - core/mount: fstype may be NULL\n\n - journald: don't ship systemd-journald-audit.socket\n (bsc#1109252)\n\n - core: make 'tmpfs' dependencies on swapfs a 'default'\n dep, not an 'implicit' (bsc#1110445)\n\n - mount: make sure we unmount tmpfs mounts before we\n deactivate swaps (#7076)\n\n - detect-virt: do not try to read all of /proc/cpuinfo\n (bsc#1109197)\n\n - emergency: make sure console password agents don't\n interfere with the emergency shell\n\n - man: document that 'nofail' also has an effect on\n ordering\n\n - journald: take leading spaces into account in\n syslog_parse_identifier\n\n - journal: do not remove multiple spaces after identifier\n in syslog message\n\n - syslog: fix segfault in syslog_parse_priority()\n\n - journal: fix syslog_parse_identifier()\n\n - install: drop left-over debug message (#6913)\n\n - Ship systemd-sysv-install helper via the main package\n This script was part of systemd-sysvinit sub-package but\n it was wrong since systemd-sysv-install is a script used\n to redirect enable/disable operations to chkconfig when\n the unit targets are sysv init scripts. Therefore it's\n never been a SySV init tool.\n\n - Add udev.no-partlabel-links kernel command-line option.\n This option can be used to disable the generation of the\n by-partlabel symlinks regardless of the name used.\n (bsc#1089761)\n\n - man: SystemMaxUse= clarification in journald.conf(5).\n (bsc#1101040)\n\n - systemctl: load unit if needed in 'systemctl is-active'\n (bsc#1102908)\n\n - core: don't freeze OnCalendar= timer units when the\n clock goes back a lot (bsc#1090944)\n\n - Enable or disable machines.target according to the\n presets (bsc#1107941)\n\n - cryptsetup: add support for sector-size= option\n (fate#325697)\n\n - nspawn: always use permission mode 555 for /sys\n (bsc#1107640)\n\n - Bugfix for a race condition between daemon-reload and\n other commands (bsc#1105031)\n\n - Fixes an issue where login with root credentials was not\n possible in init level 5 (bsc#1091677)\n\n - Fix an issue where services of type 'notify' harmless\n DENIED log entries. (bsc#991901)\n\n - Does no longer adjust qgroups on existing subvolumes\n (bsc#1093753)\n\n - cryptsetup: add support for sector-size= option (#9936)\n (fate#325697 bsc#1114135)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991901\"\n );\n # https://features.opensuse.org/325697\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-mini1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-container-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-coredump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-coredump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-container-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-container-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsystemd0-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsystemd0-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsystemd0-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsystemd0-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev-devel-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev-mini-devel-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev-mini1-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev-mini1-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev1-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev1-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-myhostname-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-myhostname-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-mymachines-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-mymachines-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-systemd-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-systemd-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-bash-completion-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-container-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-container-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-coredump-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-coredump-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-debugsource-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-devel-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-logger-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-bash-completion-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-container-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-container-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-coredump-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-coredump-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-debugsource-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-devel-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-sysvinit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-sysvinit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"udev-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"udev-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"udev-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"udev-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libudev-devel-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libudev1-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libudev1-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"nss-myhostname-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"nss-myhostname-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"nss-mymachines-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"nss-mymachines-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"systemd-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"systemd-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsystemd0-mini / libsystemd0-mini-debuginfo / libudev-mini-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T17:48:12", "description": "This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)\n\nCVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.\n(bsc#1113665)\n\nNon security issues fixed: dhcp6: split assert_return() to be more debuggable when hit\n\ncore: skip unit deserialization and move to the next one when unit_deserialize() fails\n\ncore: properly handle deserialization of unknown unit types (#6476)\n\ncore: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\nlogind: use manager_get_user_by_pid() where appropriate\n\nlogind: rework manager_get_{user|session}_by_pid() a bit\n\nlogin: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)\n\ncore: be more defensive if we can't determine per-connection socket peer (#7329)\n\ncore: introduce systemd.early_core_pattern= kernel cmdline option\n\ncore: add missing 'continue' statement\n\ncore/mount: fstype may be NULL\n\njournald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\ncore: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)\n\nmount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)\n\ndetect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)\n\nemergency: make sure console password agents don't interfere with the emergency shell\n\nman: document that 'nofail' also has an effect on ordering\n\njournald: take leading spaces into account in syslog_parse_identifier\n\njournal: do not remove multiple spaces after identifier in syslog message\n\nsyslog: fix segfault in syslog_parse_priority()\n\njournal: fix syslog_parse_identifier()\n\ninstall: drop left-over debug message (#6913)\n\nShip systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts.\nTherefore it's never been a SySV init tool.\n\nAdd udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761)\n\nman: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)\n\nsystemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)\n\ncore: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)\n\nEnable or disable machines.target according to the presets (bsc#1107941)\n\ncryptsetup: add support for sector-size= option (fate#325697)\n\nnspawn: always use permission mode 555 for /sys (bsc#1107640)\n\nBugfix for a race condition between daemon-reload and other commands (bsc#1105031)\n\nFixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677)\n\nFix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901)\n\nDoes no longer adjust qgroups on existing subvolumes (bsc#1093753)\n\ncryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2018:3644-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libsystemd0", "p-cpe:/a:novell:suse_linux:libsystemd0-32bit", "p-cpe:/a:novell:suse_linux:libsystemd0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo", "p-cpe:/a:novell:suse_linux:libsystemd0-mini", "p-cpe:/a:novell:suse_linux:libsystemd0-mini-debuginfo", "p-cpe:/a:novell:suse_linux:libudev-devel", "p-cpe:/a:novell:suse_linux:libudev-mini-devel", "p-cpe:/a:novell:suse_linux:libudev-mini1", "p-cpe:/a:novell:suse_linux:libudev-mini1-debuginfo", "p-cpe:/a:novell:suse_linux:libudev1", "p-cpe:/a:novell:suse_linux:libudev1-32bit", "p-cpe:/a:novell:suse_linux:libudev1-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libudev1-debuginfo", "p-cpe:/a:novell:suse_linux:nss-myhostname", "p-cpe:/a:novell:suse_linux:nss-myhostname-debuginfo", "p-cpe:/a:novell:suse_linux:nss-mymachines", "p-cpe:/a:novell:suse_linux:nss-mymachines-debuginfo", "p-cpe:/a:novell:suse_linux:nss-systemd", "p-cpe:/a:novell:suse_linux:nss-systemd-debuginfo", "p-cpe:/a:novell:suse_linux:systemd", "p-cpe:/a:novell:suse_linux:systemd-32bit", "p-cpe:/a:novell:suse_linux:systemd-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:systemd-container", "p-cpe:/a:novell:suse_linux:systemd-container-debuginfo", "p-cpe:/a:novell:suse_linux:systemd-coredump", "p-cpe:/a:novell:suse_linux:systemd-coredump-debuginfo", "p-cpe:/a:novell:suse_linux:systemd-debuginfo", "p-cpe:/a:novell:suse_linux:systemd-debugsource", "p-cpe:/a:novell:suse_linux:systemd-devel", "p-cpe:/a:novell:suse_linux:systemd-logger", "p-cpe:/a:novell:suse_linux:systemd-mini", "p-cpe:/a:novell:suse_linux:systemd-mini-container-mini", "p-cpe:/a:novell:suse_linux:systemd-mini-container-mini-debuginfo", "p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini", "p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini-debuginfo", "p-cpe:/a:novell:suse_linux:systemd-mini-debuginfo", "p-cpe:/a:novell:suse_linux:systemd-mini-debugsource", "p-cpe:/a:novell:suse_linux:systemd-mini-devel", "p-cpe:/a:novell:suse_linux:systemd-mini-sysvinit", "p-cpe:/a:novell:suse_linux:systemd-sysvinit", "p-cpe:/a:novell:suse_linux:udev", "p-cpe:/a:novell:suse_linux:udev-debuginfo", "p-cpe:/a:novell:suse_linux:udev-mini", "p-cpe:/a:novell:suse_linux:udev-mini-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-3644-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120157", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3644-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120157);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15688\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2018:3644-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of\nsystemd allowed a malicious dhcp6 server to overwrite heap memory in\nsystemd-networkd. (bsc#1113632)\n\nCVE-2018-15686: A vulnerability in unit_deserialize of systemd allows\nan attacker to supply arbitrary state across systemd re-execution via\nNotifyAccess. This can be used to improperly influence systemd\nexecution and possibly lead to root privilege escalation.\n(bsc#1113665)\n\nNon security issues fixed: dhcp6: split assert_return() to be more\ndebuggable when hit\n\ncore: skip unit deserialization and move to the next one when\nunit_deserialize() fails\n\ncore: properly handle deserialization of unknown unit types (#6476)\n\ncore: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\nlogind: use manager_get_user_by_pid() where appropriate\n\nlogind: rework manager_get_{user|session}_by_pid() a bit\n\nlogin: fix user@.service case, so we don't allow nested sessions\n(#8051) (bsc#1112024)\n\ncore: be more defensive if we can't determine per-connection socket\npeer (#7329)\n\ncore: introduce systemd.early_core_pattern= kernel cmdline option\n\ncore: add missing 'continue' statement\n\ncore/mount: fstype may be NULL\n\njournald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\ncore: make 'tmpfs' dependencies on swapfs a 'default' dep, not an\n'implicit' (bsc#1110445)\n\nmount: make sure we unmount tmpfs mounts before we deactivate swaps\n(#7076)\n\ndetect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)\n\nemergency: make sure console password agents don't interfere with the\nemergency shell\n\nman: document that 'nofail' also has an effect on ordering\n\njournald: take leading spaces into account in syslog_parse_identifier\n\njournal: do not remove multiple spaces after identifier in syslog\nmessage\n\nsyslog: fix segfault in syslog_parse_priority()\n\njournal: fix syslog_parse_identifier()\n\ninstall: drop left-over debug message (#6913)\n\nShip systemd-sysv-install helper via the main package This script was\npart of systemd-sysvinit sub-package but it was wrong since\nsystemd-sysv-install is a script used to redirect enable/disable\noperations to chkconfig when the unit targets are sysv init scripts.\nTherefore it's never been a SySV init tool.\n\nAdd udev.no-partlabel-links kernel command-line option. This option\ncan be used to disable the generation of the by-partlabel symlinks\nregardless of the name used. (bsc#1089761)\n\nman: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)\n\nsystemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)\n\ncore: don't freeze OnCalendar= timer units when the clock goes back a\nlot (bsc#1090944)\n\nEnable or disable machines.target according to the presets\n(bsc#1107941)\n\ncryptsetup: add support for sector-size= option (fate#325697)\n\nnspawn: always use permission mode 555 for /sys (bsc#1107640)\n\nBugfix for a race condition between daemon-reload and other commands\n(bsc#1105031)\n\nFixes an issue where login with root credentials was not possible in\ninit level 5 (bsc#1091677)\n\nFix an issue where services of type 'notify' harmless DENIED log\nentries. (bsc#991901)\n\nDoes no longer adjust qgroups on existing subvolumes (bsc#1093753)\n\ncryptsetup: add support for sector-size= option (#9936) (fate#325697\nbsc#1114135)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15686/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15688/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183644-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39c656f2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2018-2595=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-2595=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15686\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev-mini1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev-mini1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nss-myhostname\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nss-myhostname-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nss-mymachines\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nss-mymachines-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nss-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nss-systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-container-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-coredump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-coredump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-mini-container-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-mini-container-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-mini-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:udev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:udev-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:udev-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libudev1-32bit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libudev1-32bit-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"systemd-32bit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"systemd-32bit-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libsystemd0-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libsystemd0-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libsystemd0-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libsystemd0-mini-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libudev-devel-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libudev-mini-devel-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libudev-mini1-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libudev-mini1-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libudev1-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libudev1-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nss-myhostname-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nss-myhostname-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nss-mymachines-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nss-mymachines-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nss-systemd-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nss-systemd-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-container-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-container-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-coredump-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-coredump-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-debugsource-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-devel-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-logger-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-mini-container-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-mini-container-mini-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-mini-coredump-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-mini-coredump-mini-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-mini-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-mini-debugsource-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-mini-devel-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-mini-sysvinit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"systemd-sysvinit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"udev-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"udev-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"udev-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"udev-mini-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libudev1-32bit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libudev1-32bit-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"systemd-32bit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"systemd-32bit-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libsystemd0-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libsystemd0-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libsystemd0-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libsystemd0-mini-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libudev-devel-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libudev-mini-devel-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libudev-mini1-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libudev-mini1-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libudev1-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libudev1-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"nss-myhostname-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"nss-myhostname-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"nss-mymachines-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"nss-mymachines-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"nss-systemd-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"nss-systemd-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-container-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-container-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-coredump-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-coredump-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-debugsource-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-devel-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-logger-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-mini-container-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-mini-container-mini-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-mini-coredump-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-mini-coredump-mini-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-mini-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-mini-debugsource-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-mini-devel-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-mini-sysvinit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"systemd-sysvinit-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"udev-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"udev-debuginfo-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"udev-mini-234-24.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"udev-mini-debuginfo-234-24.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-01T16:49:51", "description": "This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)\n\nCVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.\n(bsc#1113665)\n\nNon-security issues fixed: dhcp6: split assert_return() to be more debuggable when hit\n\ncore: skip unit deserialization and move to the next one when unit_deserialize() fails\n\ncore: properly handle deserialization of unknown unit types (#6476)\n\ncore: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\nlogind: use manager_get_user_by_pid() where appropriate\n\nlogind: rework manager_get_{user|session}_by_pid() a bit\n\nlogin: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)\n\ncore: be more defensive if we can't determine per-connection socket peer (#7329)\n\nsocket-util: introduce port argument in sockaddr_port()\n\nservice: fixup ExecStop for socket-activated shutdown (#4120)\n\nservice: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923)\n\ncryptsetup: build fixes for 'add support for sector-size= option'\n\nudev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278)\n\ncore: keep the kernel coredump defaults when systemd-coredump is disabled\n\ncore: shorten main() a bit, split out coredump initialization\n\ncore: set RLIMIT_CORE to unlimited by default (bsc#1108835)\n\ncore/mount: fstype may be NULL\n\njournald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\ncore: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)\n\nmount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)\n\ntmp.mount.hm4: After swap.target (#3087)\n\nShip systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts.\nTherefore it's never been a SySV init tool.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2022-05-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libsystemd0", "p-cpe:/a:novell:suse_linux:libsystemd0-32bit", "p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo", "p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo-32bit", "p-cpe:/a:novell:suse_linux:libudev1", "p-cpe:/a:novell:suse_linux:libudev1-32bit", "p-cpe:/a:novell:suse_linux:libudev1-debuginfo", "p-cpe:/a:novell:suse_linux:libudev1-debuginfo-32bit", "p-cpe:/a:novell:suse_linux:systemd", "p-cpe:/a:novell:suse_linux:systemd-32bit", "p-cpe:/a:novell:suse_linux:systemd-debuginfo", "p-cpe:/a:novell:suse_linux:systemd-debuginfo-32bit", "p-cpe:/a:novell:suse_linux:systemd-debugsource", "p-cpe:/a:novell:suse_linux:systemd-sysvinit", "p-cpe:/a:novell:suse_linux:udev", "p-cpe:/a:novell:suse_linux:udev-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3767-2.NASL", "href": "https://www.tenable.com/plugins/nessus/119575", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3767-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119575);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/31\");\n\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15688\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of\nsystemd allowed a malicious dhcp6 server to overwrite heap memory in\nsystemd-networkd. (bsc#1113632)\n\nCVE-2018-15686: A vulnerability in unit_deserialize of systemd allows\nan attacker to supply arbitrary state across systemd re-execution via\nNotifyAccess. This can be used to improperly influence systemd\nexecution and possibly lead to root privilege escalation.\n(bsc#1113665)\n\nNon-security issues fixed: dhcp6: split assert_return() to be more\ndebuggable when hit\n\ncore: skip unit deserialization and move to the next one when\nunit_deserialize() fails\n\ncore: properly handle deserialization of unknown unit types (#6476)\n\ncore: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\nlogind: use manager_get_user_by_pid() where appropriate\n\nlogind: rework manager_get_{user|session}_by_pid() a bit\n\nlogin: fix user@.service case, so we don't allow nested sessions\n(#8051) (bsc#1112024)\n\ncore: be more defensive if we can't determine per-connection socket\npeer (#7329)\n\nsocket-util: introduce port argument in sockaddr_port()\n\nservice: fixup ExecStop for socket-activated shutdown (#4120)\n\nservice: Continue shutdown on socket activated unit on termination\n(#4108) (bsc#1106923)\n\ncryptsetup: build fixes for 'add support for sector-size= option'\n\nudev-rules: IMPORT cmdline does not recognize keys with similar names\n(bsc#1111278)\n\ncore: keep the kernel coredump defaults when systemd-coredump is\ndisabled\n\ncore: shorten main() a bit, split out coredump initialization\n\ncore: set RLIMIT_CORE to unlimited by default (bsc#1108835)\n\ncore/mount: fstype may be NULL\n\njournald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\ncore: make 'tmpfs' dependencies on swapfs a 'default' dep, not an\n'implicit' (bsc#1110445)\n\nmount: make sure we unmount tmpfs mounts before we deactivate swaps\n(#7076)\n\ntmp.mount.hm4: After swap.target (#3087)\n\nShip systemd-sysv-install helper via the main package This script was\npart of systemd-sysvinit sub-package but it was wrong since\nsystemd-sysv-install is a script used to redirect enable/disable\noperations to chkconfig when the unit targets are sysv init scripts.\nTherefore it's never been a SySV init tool.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15686/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15688/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183767-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf2aea0b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2018-2659=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2018-2659=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2018-2659=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15686\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libudev1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:systemd-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:udev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsystemd0-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsystemd0-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsystemd0-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsystemd0-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libudev1-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libudev1-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libudev1-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libudev1-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"systemd-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"systemd-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"systemd-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"systemd-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"systemd-debugsource-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"systemd-sysvinit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"udev-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"udev-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libsystemd0-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libsystemd0-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libsystemd0-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libudev1-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libudev1-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libudev1-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libudev1-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"systemd-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"systemd-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"systemd-debuginfo-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"systemd-debuginfo-32bit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"systemd-debugsource-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"systemd-sysvinit-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"udev-228-150.53.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"udev-debuginfo-228-150.53.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:27:43", "description": "This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd.\n (bsc#1113632)\n\n - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.\n (bsc#1113665)\n\nNon security issues fixed :\n\n - dhcp6: split assert_return() to be more debuggable when hit\n\n - core: skip unit deserialization and move to the next one when unit_deserialize() fails\n\n - core: properly handle deserialization of unknown unit types (#6476)\n\n - core: don't create Requires for workdir if 'missing ok' (bsc#1113083)\n\n - logind: use manager_get_user_by_pid() where appropriate\n\n - logind: rework manager_get_(user|session)_by_pid() a bit\n\n - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)\n\n - core: be more defensive if we can't determine per-connection socket peer (#7329)\n\n - core: introduce systemd.early_core_pattern= kernel cmdline option\n\n - core: add missing 'continue' statement\n\n - core/mount: fstype may be NULL\n\n - journald: don't ship systemd-journald-audit.socket (bsc#1109252)\n\n - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)\n\n - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)\n\n - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)\n\n - emergency: make sure console password agents don't interfere with the emergency shell\n\n - man: document that 'nofail' also has an effect on ordering\n\n - journald: take leading spaces into account in syslog_parse_identifier\n\n - journal: do not remove multiple spaces after identifier in syslog message\n\n - syslog: fix segfault in syslog_parse_priority()\n\n - journal: fix syslog_parse_identifier()\n\n - install: drop left-over debug message (#6913)\n\n - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool.\n\n - Add udev.no-partlabel-links kernel command-line option.\n This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used.\n (bsc#1089761)\n\n - man: SystemMaxUse= clarification in journald.conf(5).\n (bsc#1101040)\n\n - systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)\n\n - core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)\n\n - Enable or disable machines.target according to the presets (bsc#1107941)\n\n - cryptsetup: add support for sector-size= option (fate#325697)\n\n - nspawn: always use permission mode 555 for /sys (bsc#1107640)\n\n - Bugfix for a race condition between daemon-reload and other commands (bsc#1105031)\n\n - Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677)\n\n - Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901)\n\n - Does no longer adjust qgroups on existing subvolumes (bsc#1093753)\n\n - cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : systemd (openSUSE-2019-909)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsystemd0", "p-cpe:/a:novell:opensuse:libsystemd0-32bit", "p-cpe:/a:novell:opensuse:libsystemd0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsystemd0-debuginfo", "p-cpe:/a:novell:opensuse:libsystemd0-mini", "p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo", "p-cpe:/a:novell:opensuse:libudev-devel", "p-cpe:/a:novell:opensuse:libudev-devel-32bit", "p-cpe:/a:novell:opensuse:libudev-mini-devel", "p-cpe:/a:novell:opensuse:libudev-mini1", "p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo", "p-cpe:/a:novell:opensuse:libudev1", "p-cpe:/a:novell:opensuse:libudev1-32bit", "p-cpe:/a:novell:opensuse:libudev1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libudev1-debuginfo", "p-cpe:/a:novell:opensuse:nss-myhostname", "p-cpe:/a:novell:opensuse:nss-myhostname-32bit", "p-cpe:/a:novell:opensuse:nss-myhostname-32bit-debuginfo", "p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo", "p-cpe:/a:novell:opensuse:nss-mymachines", "p-cpe:/a:novell:opensuse:nss-mymachines-32bit", "p-cpe:/a:novell:opensuse:nss-mymachines-32bit-debuginfo", "p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo", "p-cpe:/a:novell:opensuse:nss-systemd", "p-cpe:/a:novell:opensuse:nss-systemd-debuginfo", "p-cpe:/a:novell:opensuse:systemd", "p-cpe:/a:novell:opensuse:systemd-32bit", "p-cpe:/a:novell:opensuse:systemd-32bit-debuginfo", "p-cpe:/a:novell:opensuse:systemd-bash-completion", "p-cpe:/a:novell:opensuse:systemd-container", "p-cpe:/a:novell:opensuse:systemd-container-debuginfo", "p-cpe:/a:novell:opensuse:systemd-coredump", "p-cpe:/a:novell:opensuse:systemd-coredump-debuginfo", "p-cpe:/a:novell:opensuse:systemd-debuginfo", "p-cpe:/a:novell:opensuse:systemd-debugsource", "p-cpe:/a:novell:opensuse:systemd-devel", "p-cpe:/a:novell:opensuse:systemd-logger", "p-cpe:/a:novell:opensuse:systemd-mini", "p-cpe:/a:novell:opensuse:systemd-mini-bash-completion", "p-cpe:/a:novell:opensuse:systemd-mini-container-mini", "p-cpe:/a:novell:opensuse:systemd-mini-container-mini-debuginfo", "p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini", "p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini-debuginfo", "p-cpe:/a:novell:opensuse:systemd-mini-debuginfo", "p-cpe:/a:novell:opensuse:systemd-mini-debugsource", "p-cpe:/a:novell:opensuse:systemd-mini-devel", "p-cpe:/a:novell:opensuse:systemd-mini-sysvinit", "p-cpe:/a:novell:opensuse:systemd-sysvinit", "p-cpe:/a:novell:opensuse:udev", "p-cpe:/a:novell:opensuse:udev-debuginfo", "p-cpe:/a:novell:opensuse:udev-mini", "p-cpe:/a:novell:opensuse:udev-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-909.NASL", "href": "https://www.tenable.com/plugins/nessus/123371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-909.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123371);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15688\");\n\n script_name(english:\"openSUSE Security Update : systemd (openSUSE-2019-909)\");\n script_summary(english:\"Check for the openSUSE-2019-909 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for systemd fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-15688: A buffer overflow vulnerability in the\n dhcp6 client of systemd allowed a malicious dhcp6 server\n to overwrite heap memory in systemd-networkd.\n (bsc#1113632)\n\n - CVE-2018-15686: A vulnerability in unit_deserialize of\n systemd allows an attacker to supply arbitrary state\n across systemd re-execution via NotifyAccess. This can\n be used to improperly influence systemd execution and\n possibly lead to root privilege escalation.\n (bsc#1113665)\n\nNon security issues fixed :\n\n - dhcp6: split assert_return() to be more debuggable when\n hit\n\n - core: skip unit deserialization and move to the next one\n when unit_deserialize() fails\n\n - core: properly handle deserialization of unknown unit\n types (#6476)\n\n - core: don't create Requires for workdir if 'missing ok'\n (bsc#1113083)\n\n - logind: use manager_get_user_by_pid() where appropriate\n\n - logind: rework manager_get_(user|session)_by_pid() a bit\n\n - login: fix user@.service case, so we don't allow nested\n sessions (#8051) (bsc#1112024)\n\n - core: be more defensive if we can't determine\n per-connection socket peer (#7329)\n\n - core: introduce systemd.early_core_pattern= kernel\n cmdline option\n\n - core: add missing 'continue' statement\n\n - core/mount: fstype may be NULL\n\n - journald: don't ship systemd-journald-audit.socket\n (bsc#1109252)\n\n - core: make 'tmpfs' dependencies on swapfs a 'default'\n dep, not an 'implicit' (bsc#1110445)\n\n - mount: make sure we unmount tmpfs mounts before we\n deactivate swaps (#7076)\n\n - detect-virt: do not try to read all of /proc/cpuinfo\n (bsc#1109197)\n\n - emergency: make sure console password agents don't\n interfere with the emergency shell\n\n - man: document that 'nofail' also has an effect on\n ordering\n\n - journald: take leading spaces into account in\n syslog_parse_identifier\n\n - journal: do not remove multiple spaces after identifier\n in syslog message\n\n - syslog: fix segfault in syslog_parse_priority()\n\n - journal: fix syslog_parse_identifier()\n\n - install: drop left-over debug message (#6913)\n\n - Ship systemd-sysv-install helper via the main package\n This script was part of systemd-sysvinit sub-package but\n it was wrong since systemd-sysv-install is a script used\n to redirect enable/disable operations to chkconfig when\n the unit targets are sysv init scripts. Therefore it's\n never been a SySV init tool.\n\n - Add udev.no-partlabel-links kernel command-line option.\n This option can be used to disable the generation of the\n by-partlabel symlinks regardless of the name used.\n (bsc#1089761)\n\n - man: SystemMaxUse= clarification in journald.conf(5).\n (bsc#1101040)\n\n - systemctl: load unit if needed in 'systemctl is-active'\n (bsc#1102908)\n\n - core: don't freeze OnCalendar= timer units when the\n clock goes back a lot (bsc#1090944)\n\n - Enable or disable machines.target according to the\n presets (bsc#1107941)\n\n - cryptsetup: add support for sector-size= option\n (fate#325697)\n\n - nspawn: always use permission mode 555 for /sys\n (bsc#1107640)\n\n - Bugfix for a race condition between daemon-reload and\n other commands (bsc#1105031)\n\n - Fixes an issue where login with root credentials was not\n possible in init level 5 (bsc#1091677)\n\n - Fix an issue where services of type 'notify' harmless\n DENIED log entries. (bsc#991901)\n\n - Does no longer adjust qgroups on existing subvolumes\n (bsc#1093753)\n\n - cryptsetup: add support for sector-size= option (#9936)\n (fate#325697 bsc#1114135)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991901\"\n );\n # https://features.opensuse.org/325697\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-mini1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nss-systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-container-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-coredump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-coredump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-container-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-container-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-coredump-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-mini-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:systemd-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsystemd0-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsystemd0-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsystemd0-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libsystemd0-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev-devel-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev-mini-devel-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev-mini1-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev-mini1-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev1-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libudev1-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-myhostname-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-myhostname-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-mymachines-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-mymachines-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-systemd-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nss-systemd-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-bash-completion-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-container-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-container-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-coredump-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-coredump-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-debugsource-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-devel-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-logger-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-bash-completion-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-container-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-container-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-coredump-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-coredump-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-debugsource-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-devel-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-mini-sysvinit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"systemd-sysvinit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"udev-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"udev-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"udev-mini-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"udev-mini-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libsystemd0-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libudev-devel-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libudev1-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libudev1-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"nss-myhostname-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"nss-myhostname-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"nss-mymachines-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"nss-mymachines-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"systemd-32bit-234-lp150.20.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"systemd-32bit-debuginfo-234-lp150.20.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsystemd0-mini / libsystemd0-mini-debuginfo / libudev-mini-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:29:01", "description": "- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1643367)\n\n - Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1643372)\n\n - Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1643362)\n\n - Downgrade logging of various messages and add loging in other places\n\n - Many many fixes in error handling and minor memory leaks and such\n\n - Fix typos and omissions in documentation\n\n - Various smaller improvements to unit ordering and dependencies\n\n - Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues\n\n - The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.\n\n - Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user threads are used by bpfilter.\n\n - Catalog entries for the journal are improved (#1639482)\n\nNo need to reboot or log out.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : systemd (2018-24bd6c9d4a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:systemd", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-24BD6C9D4A.NASL", "href": "https://www.tenable.com/plugins/nessus/120295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-24bd6c9d4a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120295);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15687\", \"CVE-2018-15688\");\n script_xref(name:\"FEDORA\", value:\"2018-24bd6c9d4a\");\n\n script_name(english:\"Fedora 28 : systemd (2018-24bd6c9d4a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix a local vulnerability from a race condition in\n chown-recursive (CVE-2018-15687, #1643367)\n\n - Fix a local vulnerability from invalid handling of long\n lines in state deserialization (CVE-2018-15686,\n #1643372)\n\n - Fix a remote vulnerability in DHCPv6 in systemd-networkd\n (CVE-2018-15688, #1643362)\n\n - Downgrade logging of various messages and add loging in\n other places\n\n - Many many fixes in error handling and minor memory leaks\n and such\n\n - Fix typos and omissions in documentation\n\n - Various smaller improvements to unit ordering and\n dependencies\n\n - Handling of invalid (intentionally corrupt) dbus\n messages is improved, fixing potential local DOS avenues\n\n - The target of symlinks links in .wants/ and .requires/\n is now ignored. This fixes an issue where the unit file\n would sometimes be loaded from such a symlink, leading\n to non-deterministic unit contents.\n\n - Filtering of kernel threads is improved. This fixes an\n issues with newer kernels where hybrid kernel/user\n threads are used by bpfilter.\n\n - Catalog entries for the journal are improved (#1639482)\n\nNo need to reboot or log out.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-24bd6c9d4a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"systemd-238-10.git438ac26.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:16:26", "description": "An update for systemd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\n* systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\n* systemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting CVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864 and CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of CVE-2018-15688.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-16T00:00:00", "type": "nessus", "title": "CentOS 7 : systemd (CESA-2019:0049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libgudev1", "p-cpe:/a:centos:centos:libgudev1-devel", "p-cpe:/a:centos:centos:systemd", "p-cpe:/a:centos:centos:systemd-devel", "p-cpe:/a:centos:centos:systemd-journal-gateway", "p-cpe:/a:centos:centos:systemd-libs", "p-cpe:/a:centos:centos:systemd-networkd", "p-cpe:/a:centos:centos:systemd-python", "p-cpe:/a:centos:centos:systemd-resolved", "p-cpe:/a:centos:centos:systemd-sysv", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-0049.NASL", "href": "https://www.tenable.com/plugins/nessus/121192", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0049 and \n# CentOS Errata and Security Advisory 2019:0049 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121192);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_xref(name:\"RHSA\", value:\"2019:0049\");\n\n script_name(english:\"CentOS 7 : systemd (CESA-2019:0049)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for systemd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe systemd packages contain systemd, a system and service manager for\nLinux, compatible with the SysV and LSB init scripts. It provides\naggressive parallelism capabilities, uses socket and D-Bus activation\nfor starting services, offers on-demand starting of daemons, and keeps\ntrack of processes using Linux cgroups. In addition, it supports\nsnapshotting and restoring of the system state, maintains mount and\nautomount points, and implements an elaborate transactional\ndependency-based service control logic. It can also work as a drop-in\nreplacement for sysvinit.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option\nhandling (CVE-2018-15688)\n\n* systemd: stack overflow when calling syslog from a command with long\ncmdline (CVE-2018-16864)\n\n* systemd: stack overflow when receiving many journald entries\n(CVE-2018-16865)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting\nCVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864\nand CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as\nthe original reporter of CVE-2018-15688.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-January/023143.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55d760dc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:systemd-journal-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libgudev1-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libgudev1-devel-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"systemd-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"systemd-devel-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"systemd-journal-gateway-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"systemd-libs-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"systemd-networkd-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"systemd-python-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"systemd-resolved-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"systemd-sysv-219-62.el7_6.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgudev1 / libgudev1-devel / systemd / systemd-devel / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:11:43", "description": "An update for systemd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\n* systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\n* systemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting CVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864 and CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of CVE-2018-15688.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-15T00:00:00", "type": "nessus", "title": "RHEL 7 : systemd (RHSA-2019:0049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libgudev1", "p-cpe:/a:redhat:enterprise_linux:libgudev1-devel", "p-cpe:/a:redhat:enterprise_linux:systemd", "p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:systemd-devel", "p-cpe:/a:redhat:enterprise_linux:systemd-journal-gateway", "p-cpe:/a:redhat:enterprise_linux:systemd-libs", "p-cpe:/a:redhat:enterprise_linux:systemd-networkd", "p-cpe:/a:redhat:enterprise_linux:systemd-python", "p-cpe:/a:redhat:enterprise_linux:systemd-resolved", "p-cpe:/a:redhat:enterprise_linux:systemd-sysv", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-0049.NASL", "href": "https://www.tenable.com/plugins/nessus/121173", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0049. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121173);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_xref(name:\"RHSA\", value:\"2019:0049\");\n\n script_name(english:\"RHEL 7 : systemd (RHSA-2019:0049)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for systemd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe systemd packages contain systemd, a system and service manager for\nLinux, compatible with the SysV and LSB init scripts. It provides\naggressive parallelism capabilities, uses socket and D-Bus activation\nfor starting services, offers on-demand starting of daemons, and keeps\ntrack of processes using Linux cgroups. In addition, it supports\nsnapshotting and restoring of the system state, maintains mount and\nautomount points, and implements an elaborate transactional\ndependency-based service control logic. It can also work as a drop-in\nreplacement for sysvinit.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option\nhandling (CVE-2018-15688)\n\n* systemd: stack overflow when calling syslog from a command with long\ncmdline (CVE-2018-16864)\n\n* systemd: stack overflow when receiving many journald entries\n(CVE-2018-16865)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting\nCVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864\nand CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as\nthe original reporter of CVE-2018-15688.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:0049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-15688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16865\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-journal-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:0049\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"libgudev1-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libgudev1-devel-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"systemd-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"systemd-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"systemd-debuginfo-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"systemd-devel-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"systemd-journal-gateway-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"systemd-journal-gateway-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"systemd-libs-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"systemd-networkd-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"systemd-networkd-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"systemd-python-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"systemd-python-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"systemd-resolved-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"systemd-sysv-219-62.el7_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"systemd-sysv-219-62.el7_6.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgudev1 / libgudev1-devel / systemd / systemd-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:29:26", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.i1/4^CVE-2018-16865i1/4%0\n\n - It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.i1/4^CVE-2018-15688i1/4%0\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog.\n A local attacker may use this flaw to crash systemd-journald or escalate privileges.i1/4^CVE-2018-16864i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : systemd (EulerOS-SA-2019-1227)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-networkd", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-resolved", "p-cpe:/a:huawei:euleros:systemd-sysv", "cpe:/o:huawei:euleros:uvp:2.5.3"], "id": "EULEROS_SA-2019-1227.NASL", "href": "https://www.tenable.com/plugins/nessus/123913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123913);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : systemd (EulerOS-SA-2019-1227)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory\n region, was discovered in systemd-journald when many\n entries are sent to the journal socket. A local\n attacker, or a remote one if systemd-journal-remote is\n used, may use this flaw to crash systemd-journald or\n execute code with journald\n privileges.i1/4^CVE-2018-16865i1/4%0\n\n - It was discovered that systemd-network does not\n correctly keep track of a buffer size when constructing\n DHCPv6 packets. This flaw may lead to an integer\n underflow that can be used to produce an heap-based\n buffer overflow. A malicious host on the same network\n segment as the victim's one may advertise itself as a\n DHCPv6 server and exploit this flaw to cause a Denial\n of Service or potentially gain code execution on the\n victim's machine.i1/4^CVE-2018-15688i1/4%0\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory\n region, was discovered in systemd-journald when a\n program with long command line arguments calls syslog.\n A local attacker may use this flaw to crash\n systemd-journald or escalate\n privileges.i1/4^CVE-2018-16864i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1227\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e74cdefb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libgudev1-219-57.h66\",\n \"systemd-219-57.h66\",\n \"systemd-devel-219-57.h66\",\n \"systemd-libs-219-57.h66\",\n \"systemd-networkd-219-57.h66\",\n \"systemd-python-219-57.h66\",\n \"systemd-resolved-219-57.h66\",\n \"systemd-sysv-219-57.h66\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:15:28", "description": "From Red Hat Security Advisory 2019:0049 :\n\nAn update for systemd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\n* systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\n* systemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting CVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864 and CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of CVE-2018-15688.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-15T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : systemd (ELSA-2019-0049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libgudev1", "p-cpe:/a:oracle:linux:libgudev1-devel", "p-cpe:/a:oracle:linux:systemd", "p-cpe:/a:oracle:linux:systemd-devel", "p-cpe:/a:oracle:linux:systemd-journal-gateway", "p-cpe:/a:oracle:linux:systemd-libs", "p-cpe:/a:oracle:linux:systemd-networkd", "p-cpe:/a:oracle:linux:systemd-python", "p-cpe:/a:oracle:linux:systemd-resolved", "p-cpe:/a:oracle:linux:systemd-sysv", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-0049.NASL", "href": "https://www.tenable.com/plugins/nessus/121172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:0049 and \n# Oracle Linux Security Advisory ELSA-2019-0049 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121172);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_xref(name:\"RHSA\", value:\"2019:0049\");\n\n script_name(english:\"Oracle Linux 7 : systemd (ELSA-2019-0049)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:0049 :\n\nAn update for systemd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe systemd packages contain systemd, a system and service manager for\nLinux, compatible with the SysV and LSB init scripts. It provides\naggressive parallelism capabilities, uses socket and D-Bus activation\nfor starting services, offers on-demand starting of daemons, and keeps\ntrack of processes using Linux cgroups. In addition, it supports\nsnapshotting and restoring of the system state, maintains mount and\nautomount points, and implements an elaborate transactional\ndependency-based service control logic. It can also work as a drop-in\nreplacement for sysvinit.\n\nSecurity Fix(es) :\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option\nhandling (CVE-2018-15688)\n\n* systemd: stack overflow when calling syslog from a command with long\ncmdline (CVE-2018-16864)\n\n* systemd: stack overflow when receiving many journald entries\n(CVE-2018-16865)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting\nCVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864\nand CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as\nthe original reporter of CVE-2018-15688.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-January/008367.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:systemd-journal-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libgudev1-219-62.0.4.el7_6.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libgudev1-devel-219-62.0.4.el7_6.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"systemd-219-62.0.4.el7_6.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"systemd-devel-219-62.0.4.el7_6.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"systemd-journal-gateway-219-62.0.4.el7_6.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"systemd-libs-219-62.0.4.el7_6.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"systemd-networkd-219-62.0.4.el7_6.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"systemd-python-219-62.0.4.el7_6.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"systemd-resolved-219-62.0.4.el7_6.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"systemd-sysv-219-62.0.4.el7_6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgudev1 / libgudev1-devel / systemd / systemd-devel / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:19:39", "description": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.(CVE-2018-16864)\n\nIt was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.(CVE-2018-15688)\n\nAn allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.(CVE-2018-16865)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-14T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : systemd (ALAS-2019-1160)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libgudev1", "p-cpe:/a:amazon:linux:libgudev1-devel", "p-cpe:/a:amazon:linux:systemd", "p-cpe:/a:amazon:linux:systemd-debuginfo", "p-cpe:/a:amazon:linux:systemd-devel", "p-cpe:/a:amazon:linux:systemd-journal-gateway", "p-cpe:/a:amazon:linux:systemd-libs", "p-cpe:/a:amazon:linux:systemd-networkd", "p-cpe:/a:amazon:linux:systemd-python", "p-cpe:/a:amazon:linux:systemd-resolved", "p-cpe:/a:amazon:linux:systemd-sysv", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1160.NASL", "href": "https://www.tenable.com/plugins/nessus/122161", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1160.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122161);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/02\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_xref(name:\"ALAS\", value:\"2019-1160\");\n\n script_name(english:\"Amazon Linux 2 : systemd (ALAS-2019-1160)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An allocation of memory without limits, that could result in the stack\nclashing with another memory region, was discovered in\nsystemd-journald when a program with long command line arguments calls\nsyslog. A local attacker may use this flaw to crash systemd-journald\nor escalate privileges.(CVE-2018-16864)\n\nIt was discovered that systemd-network does not correctly keep track\nof a buffer size when constructing DHCPv6 packets. This flaw may lead\nto an integer underflow that can be used to produce an heap-based\nbuffer overflow. A malicious host on the same network segment as the\nvictim's one may advertise itself as a DHCPv6 server and exploit this\nflaw to cause a Denial of Service or potentially gain code execution\non the victim's machine.(CVE-2018-15688)\n\nAn allocation of memory without limits, that could result in the stack\nclashing with another memory region, was discovered in\nsystemd-journald when many entries are sent to the journal socket. A\nlocal attacker, or a remote one if systemd-journal-remote is used, may\nuse this flaw to crash systemd-journald or execute code with journald\nprivileges.(CVE-2018-16865)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1160.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update systemd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-journal-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"libgudev1-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libgudev1-devel-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"systemd-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"systemd-debuginfo-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"systemd-devel-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"systemd-journal-gateway-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"systemd-libs-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"systemd-networkd-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"systemd-python-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"systemd-resolved-219-57.amzn2.0.8\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"systemd-sysv-219-57.amzn2.0.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgudev1 / libgudev1-devel / systemd / systemd-debuginfo / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:36:04", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has systemd packages installed that are affected by multiple vulnerabilities:\n\n - It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine. (CVE-2018-15688)\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. (CVE-2018-16865)\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges. (CVE-2018-16864)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0051)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-01T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0051_SYSTEMD.NASL", "href": "https://www.tenable.com/plugins/nessus/127236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0051. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127236);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n script_bugtraq_id(106523);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0051)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has systemd packages installed that are affected\nby multiple vulnerabilities:\n\n - It was discovered that systemd-network does not\n correctly keep track of a buffer size when constructing\n DHCPv6 packets. This flaw may lead to an integer\n underflow that can be used to produce an heap-based\n buffer overflow. A malicious host on the same network\n segment as the victim's one may advertise itself as a\n DHCPv6 server and exploit this flaw to cause a Denial of\n Service or potentially gain code execution on the\n victim's machine. (CVE-2018-15688)\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory region,\n was discovered in systemd-journald when many entries are\n sent to the journal socket. A local attacker, or a\n remote one if systemd-journal-remote is used, may use\n this flaw to crash systemd-journald or execute code with\n journald privileges. (CVE-2018-16865)\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory region,\n was discovered in systemd-journald when a program with\n long command line arguments calls syslog. A local\n attacker may use this flaw to crash systemd-journald or\n escalate privileges. (CVE-2018-16864)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0051\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL systemd packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"libgudev1-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"libgudev1-devel-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"systemd-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"systemd-debuginfo-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"systemd-devel-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"systemd-journal-gateway-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"systemd-libs-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"systemd-networkd-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"systemd-python-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"systemd-resolved-219-62.el7_6.2.cgslv5.0.13.g055face.lite\",\n \"systemd-sysv-219-62.el7_6.2.cgslv5.0.13.g055face.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"libgudev1-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"libgudev1-devel-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"systemd-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"systemd-debuginfo-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"systemd-devel-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"systemd-journal-gateway-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"systemd-libs-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"systemd-networkd-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"systemd-python-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"systemd-resolved-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\",\n \"systemd-sysv-219-62.el7_6.2.cgslv5.0.9.g9e2a5ee\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:18", "description": "- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076)\n\n - Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071)\n\n - Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)\n\n - The DHCP server is started only when link is UP\n\n - DHCPv6 prefix delegation is improved\n\n - Downgrade logging of various messages and add loging in other places\n\n - Many many fixes in error handling and minor memory leaks and such\n\n - Fix typos and omissions in documentation\n\n - Typo in %%_environmnentdir rpm macro is fixed (with backwards compatibility preserved)\n\n - Matching by MACAddress= in systemd-networkd is fixed\n\n - Creation of user runtime directories is improved, and the user manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)\n\n - systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0\n\n - Aliases are now resolved when loading modules from pid1.\n This is a (redundant) fix for a brief kernel regression.\n\n - 'systemctl --wait start' exits immediately if no valid units are named\n\n - zram devices are not considered as candidates for hibernation\n\n - ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed)\n\n - Various smaller improvements to unit ordering and dependencies\n\n - generators are now called with the manager's environment\n\n - Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues\n\n - The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.\n\n - Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user threads are used by bpfilter.\n\n - 'noresume' can be used on the kernel command line to force normal boot even if a hibernation images is present\n\n - Hibernation is not advertised if resume= is not present on the kernenl command line\n\n - Hibernation/Suspend/... modes can be disabled using AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=\n\n - LOGO= and DOCUMENTATION_URL= are documented for the os-release file\n\n - The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries\n\n - Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects\n\n - Catalog entries for the journal are improved (#1639482)\n\n - If suspend fails, the post-suspend hooks are still called.\n\n - Various build issues on less-common architectures are fixed\n\nNo need to reboot or log out.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : systemd (2018-c402eea18b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:systemd", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-C402EEA18B.NASL", "href": "https://www.tenable.com/plugins/nessus/120769", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-c402eea18b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120769);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15687\", \"CVE-2018-15688\");\n script_xref(name:\"FEDORA\", value:\"2018-c402eea18b\");\n\n script_name(english:\"Fedora 29 : systemd (2018-c402eea18b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix a local vulnerability from a race condition in\n chown-recursive (CVE-2018-15687, #1639076)\n\n - Fix a local vulnerability from invalid handling of long\n lines in state deserialization (CVE-2018-15686,\n #1639071)\n\n - Fix a remote vulnerability in DHCPv6 in systemd-networkd\n (CVE-2018-15688, #1639067)\n\n - The DHCP server is started only when link is UP\n\n - DHCPv6 prefix delegation is improved\n\n - Downgrade logging of various messages and add loging in\n other places\n\n - Many many fixes in error handling and minor memory leaks\n and such\n\n - Fix typos and omissions in documentation\n\n - Typo in %%_environmnentdir rpm macro is fixed (with\n backwards compatibility preserved)\n\n - Matching by MACAddress= in systemd-networkd is fixed\n\n - Creation of user runtime directories is improved, and\n the user manager is only stopped after 10 s after the\n user logs out (#1642460 and other bugs)\n\n - systemd units systemd-timesyncd, systemd-resolved,\n systemd-networkd are switched back to use DynamicUser=0\n\n - Aliases are now resolved when loading modules from pid1.\n This is a (redundant) fix for a brief kernel regression.\n\n - 'systemctl --wait start' exits immediately if no valid\n units are named\n\n - zram devices are not considered as candidates for\n hibernation\n\n - ECN is not requested for both in- and out-going\n connections (the sysctl overide for net.ipv4.tcp_ecn is\n removed)\n\n - Various smaller improvements to unit ordering and\n dependencies\n\n - generators are now called with the manager's environment\n\n - Handling of invalid (intentionally corrupt) dbus\n messages is improved, fixing potential local DOS avenues\n\n - The target of symlinks links in .wants/ and .requires/\n is now ignored. This fixes an issue where the unit file\n would sometimes be loaded from such a symlink, leading\n to non-deterministic unit contents.\n\n - Filtering of kernel threads is improved. This fixes an\n issues with newer kernels where hybrid kernel/user\n threads are used by bpfilter.\n\n - 'noresume' can be used on the kernel command line to\n force normal boot even if a hibernation images is\n present\n\n - Hibernation is not advertised if resume= is not present\n on the kernenl command line\n\n - Hibernation/Suspend/... modes can be disabled using\n AllowSuspend=, AllowHibernation=,\n AllowSuspendThenHibernate=, AllowHybridSleep=\n\n - LOGO= and DOCUMENTATION_URL= are documented for the\n os-release file\n\n - The hashmap mempool is now only used internally in\n systemd, and is disabled for external users of the\n systemd libraries\n\n - Additional state is serialized/deserialized when logind\n is restarted, fixing the handling of user objects\n\n - Catalog entries for the journal are improved (#1639482)\n\n - If suspend fails, the post-suspend hooks are still\n called.\n\n - Various build issues on less-common architectures are\n fixed\n\nNo need to reboot or log out.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c402eea18b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected systemd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"systemd-239-6.git9f3aed1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:18:20", "description": "According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\n - systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\n - systemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-1060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:libgudev1-devel", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-sysv", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/122387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122387);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n\n script_name(english:\"EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-1060)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - systemd: Out-of-bounds heap write in systemd-networkd\n dhcpv6 option handling (CVE-2018-15688)\n\n - systemd: stack overflow when calling syslog from a\n command with long cmdline (CVE-2018-16864)\n\n - systemd: stack overflow when receiving many journald\n entries (CVE-2018-16865)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1060\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?869d28b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libgudev1-219-30.6.h30\",\n \"libgudev1-devel-219-30.6.h30\",\n \"systemd-219-30.6.h30\",\n \"systemd-devel-219-30.6.h30\",\n \"systemd-libs-219-30.6.h30\",\n \"systemd-python-219-30.6.h30\",\n \"systemd-sysv-219-30.6.h30\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:55:58", "description": "The remote host is affected by the vulnerability described in GLSA-201810-10 (systemd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker could possibly execute arbitrary code, cause a Denial of Service condition, or gain escalated privileges.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "GLSA-201810-10 : systemd: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"], "modified": "2022-02-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:systemd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201810-10.NASL", "href": "https://www.tenable.com/plugins/nessus/118510", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201810-10.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118510);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/02\");\n\n script_cve_id(\"CVE-2018-15686\", \"CVE-2018-15687\", \"CVE-2018-15688\");\n script_xref(name:\"GLSA\", value:\"201810-10\");\n\n script_name(english:\"GLSA-201810-10 : systemd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201810-10\n(systemd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in systemd. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could possibly execute arbitrary code, cause a Denial of\n Service condition, or gain escalated privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201810-10\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All systemd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/systemd-239-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15686\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/systemd\", unaffected:make_list(\"ge 239-r2\"), vulnerable:make_list(\"lt 239-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:21:41", "description": "Security Fix(es) :\n\n - systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\n - systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\n - systemd: stack overflow when receiving many journald entries (CVE-2018-16865)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-16T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : systemd on SL7.x x86_64 (20190114)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-02T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libgudev1", "p-cpe:/a:fermilab:scientific_linux:libgudev1-devel", "p-cpe:/a:fermilab:scientific_linux:systemd", "p-cpe:/a:fermilab:scientific_linux:systemd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:systemd-devel", "p-cpe:/a:fermilab:scientific_linux:systemd-journal-gateway", "p-cpe:/a:fermilab:scientific_linux:systemd-libs", "p-cpe:/a:fermilab:scientific_linux:systemd-networkd", "p-cpe:/a:fermilab:scientific_linux:systemd-python", "p-cpe:/a:fermilab:scientific_linux:systemd-resolved", "p-cpe:/a:fermilab:scientific_linux:systemd-sysv", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190114_SYSTEMD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/121204", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121204);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/02\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n\n script_name(english:\"Scientific Linux Security Update : systemd on SL7.x x86_64 (20190114)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - systemd: Out-of-bounds heap write in systemd-networkd\n dhcpv6 option handling (CVE-2018-15688)\n\n - systemd: stack overflow when calling syslog from a\n command with long cmdline (CVE-2018-16864)\n\n - systemd: stack overflow when receiving many journald\n entries (CVE-2018-16865)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1901&L=SCIENTIFIC-LINUX-ERRATA&P=1419\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4495fb7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:systemd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:systemd-journal-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libgudev1-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libgudev1-devel-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"systemd-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"systemd-debuginfo-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"systemd-devel-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"systemd-journal-gateway-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"systemd-libs-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"systemd-networkd-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"systemd-python-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"systemd-resolved-219-62.el7_6.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"systemd-sysv-219-62.el7_6.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgudev1 / libgudev1-devel / systemd / systemd-debuginfo / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:27", "description": "systemd was found to suffer from multiple security vulnerabilities ranging from denial of service attacks to possible root privilege escalation.\n\nCVE-2018-1049\n\nA race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.\n\nCVE-2018-15686\n\nA vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess.\nThis can be used to improperly influence systemd execution and possibly lead to root privilege escalation.\n\nCVE-2018-15688\n\nA buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd, which is not enabled by default in Debian.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 215-17+deb8u8.\n\nWe recommend that you upgrade your systemd packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-20T00:00:00", "type": "nessus", "title": "Debian DLA-1580-1 : systemd security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1049", "CVE-2018-15686", "CVE-2018-15688"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-gudev-1.0", "p-cpe:/a:debian:debian_linux:libgudev-1.0-0", "p-cpe:/a:debian:debian_linux:libgudev-1.0-dev", "p-cpe:/a:debian:debian_linux:libpam-systemd", "p-cpe:/a:debian:debian_linux:libsystemd-daemon-dev", "p-cpe:/a:debian:debian_linux:libsystemd-daemon0", "p-cpe:/a:debian:debian_linux:libsystemd-dev", "p-cpe:/a:debian:debian_linux:libsystemd-id128-0", "p-cpe:/a:debian:debian_linux:libsystemd-id128-dev", "p-cpe:/a:debian:debian_linux:libsystemd-journal-dev", "p-cpe:/a:debian:debian_linux:libsystemd-journal0", "p-cpe:/a:debian:debian_linux:libsystemd-login-dev", "p-cpe:/a:debian:debian_linux:libsystemd-login0", "p-cpe:/a:debian:debian_linux:libsystemd0", "p-cpe:/a:debian:debian_linux:libudev-dev", "p-cpe:/a:debian:debian_linux:libudev1", "p-cpe:/a:debian:debian_linux:libudev1-udeb", "p-cpe:/a:debian:debian_linux:python3-systemd", "p-cpe:/a:debian:debian_linux:systemd", "p-cpe:/a:debian:debian_linux:systemd-dbg", "p-cpe:/a:debian:debian_linux:systemd-sysv", "p-cpe:/a:debian:debian_linux:udev", "p-cpe:/a:debian:debian_linux:udev-udeb", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1580.NASL", "href": "https://www.tenable.com/plugins/nessus/119039", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1580-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119039);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-1049\", \"CVE-2018-15686\", \"CVE-2018-15688\");\n\n script_name(english:\"Debian DLA-1580-1 : systemd security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"systemd was found to suffer from multiple security vulnerabilities\nranging from denial of service attacks to possible root privilege\nescalation.\n\nCVE-2018-1049\n\nA race condition exists between .mount and .automount units such that\nautomount requests from kernel may not be serviced by systemd\nresulting in kernel holding the mountpoint and any processes that try\nto use said mount will hang. A race condition like this may lead to\ndenial of service, until mount points are unmounted.\n\nCVE-2018-15686\n\nA vulnerability in unit_deserialize of systemd allows an attacker to\nsupply arbitrary state across systemd re-execution via NotifyAccess.\nThis can be used to improperly influence systemd execution and\npossibly lead to root privilege escalation.\n\nCVE-2018-15688\n\nA buffer overflow vulnerability in the dhcp6 client of systemd allows\na malicious dhcp6 server to overwrite heap memory in systemd-networkd,\nwhich is not enabled by default in Debian.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n215-17+deb8u8.\n\nWe recommend that you upgrade your systemd packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/systemd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-gudev-1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgudev-1.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgudev-1.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpam-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd-daemon-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd-daemon0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd-id128-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd-id128-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd-journal-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd-journal0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd-login-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd-login0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsystemd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libudev-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libudev1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:systemd-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udev-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"gir1.2-gudev-1.0\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgudev-1.0-0\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgudev-1.0-dev\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpam-systemd\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd-daemon-dev\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd-daemon0\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd-dev\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd-id128-0\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd-id128-dev\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd-journal-dev\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd-journal0\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd-login-dev\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd-login0\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsystemd0\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libudev-dev\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libudev1\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libudev1-udeb\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-systemd\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"systemd\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"systemd-dbg\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"systemd-sysv\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"udev\", reference:\"215-17+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"udev-udeb\", reference:\"215-17+deb8u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:28:42", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.i1/4^CVE-2018-16865i1/4%0\n\n - It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.i1/4^CVE-2018-15688i1/4%0\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog.\n A local attacker may use this flaw to crash systemd-journald or escalate privileges.i1/4^CVE-2018-16864i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.4 : systemd (EulerOS-SA-2019-1233)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1-devel", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-networkd", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-resolved", "p-cpe:/a:huawei:euleros:systemd-sysv", "cpe:/o:huawei:euleros:uvp:2.5.4"], "id": "EULEROS_SA-2019-1233.NASL", "href": "https://www.tenable.com/plugins/nessus/123701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123701);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n\n script_name(english:\"EulerOS Virtualization 2.5.4 : systemd (EulerOS-SA-2019-1233)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory\n region, was discovered in systemd-journald when many\n entries are sent to the journal socket. A local\n attacker, or a remote one if systemd-journal-remote is\n used, may use this flaw to crash systemd-journald or\n execute code with journald\n privileges.i1/4^CVE-2018-16865i1/4%0\n\n - It was discovered that systemd-network does not\n correctly keep track of a buffer size when constructing\n DHCPv6 packets. This flaw may lead to an integer\n underflow that can be used to produce an heap-based\n buffer overflow. A malicious host on the same network\n segment as the victim's one may advertise itself as a\n DHCPv6 server and exploit this flaw to cause a Denial\n of Service or potentially gain code execution on the\n victim's machine.i1/4^CVE-2018-15688i1/4%0\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory\n region, was discovered in systemd-journald when a\n program with long command line arguments calls syslog.\n A local attacker may use this flaw to crash\n systemd-journald or escalate\n privileges.i1/4^CVE-2018-16864i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1233\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c1c52856\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.4\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.4\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libgudev1-devel-219-57.h68\",\n \"systemd-219-57.h68\",\n \"systemd-devel-219-57.h68\",\n \"systemd-libs-219-57.h68\",\n \"systemd-networkd-219-57.h68\",\n \"systemd-python-219-57.h68\",\n \"systemd-resolved-219-57.h68\",\n \"systemd-sysv-219-57.h68\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:50:34", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog.\n A local attacker may use this flaw to crash systemd-journald or escalate his privileges.(CVE-2018-16864)\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.(CVE-2018-16865)\n\n - It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.(CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : systemd (EulerOS-SA-2019-1416)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-networkd", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-resolved", "p-cpe:/a:huawei:euleros:systemd-sysv", "p-cpe:/a:huawei:euleros:systemd-udev-compat", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1416.NASL", "href": "https://www.tenable.com/plugins/nessus/124919", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124919);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-15688\", \"CVE-2018-16864\", \"CVE-2018-16865\");\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : systemd (EulerOS-SA-2019-1416)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory\n region, was discovered in systemd-journald when a\n program with long command line arguments calls syslog.\n A local attacker may use this flaw to crash\n systemd-journald or escalate his\n privileges.(CVE-2018-16864)\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory\n region, was discovered in systemd-journald when many\n entries are sent to the journal socket. A local\n attacker, or a remote one if systemd-journal-remote is\n used, may use this flaw to crash systemd-journald or\n execute code with journald privileges.(CVE-2018-16865)\n\n - It was discovered that systemd-network does not\n correctly keep track of a buffer size when constructing\n DHCPv6 packets. This flaw may lead to an integer\n underflow that can be used to produce an heap-based\n buffer overflow. A malicious host on the same network\n segment as the victim's one may advertise itself as a\n DHCPv6 server and exploit this flaw to cause a Denial\n of Service or potentially gain code execution on the\n victim's machine.(CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1416\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ffa3988\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-udev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libgudev1-219-57.h88\",\n \"systemd-219-57.h88\",\n \"systemd-devel-219-57.h88\",\n \"systemd-libs-219-57.h88\",\n \"systemd-networkd-219-57.h88\",\n \"systemd-python-219-57.h88\",\n \"systemd-resolved-219-57.h88\",\n \"systemd-sysv-219-57.h88\",\n \"systemd-udev-compat-219-57.h88\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:25:25", "description": "According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\n - systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\n - systemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\n - systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2019-6454"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:libgudev1-devel", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-sysv", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1107.NASL", "href": "https://www.tenable.com/plugins/nessus/123120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123120);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\n \"CVE-2018-15688\",\n \"CVE-2018-16864\",\n \"CVE-2018-16865\",\n \"CVE-2019-6454\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1107)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - systemd: Out-of-bounds heap write in systemd-networkd\n dhcpv6 option handling (CVE-2018-15688)\n\n - systemd: stack overflow when calling syslog from a\n command with long cmdline (CVE-2018-16864)\n\n - systemd: stack overflow when receiving many journald\n entries (CVE-2018-16865)\n\n - systemd: Insufficient input validation in\n bus_process_object() resulting in PID 1 crash\n (CVE-2019-6454)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1107\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8506613b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libgudev1-219-30.6.h53\",\n \"libgudev1-devel-219-30.6.h53\",\n \"systemd-219-30.6.h53\",\n \"systemd-devel-219-30.6.h53\",\n \"systemd-libs-219-30.6.h53\",\n \"systemd-python-219-30.6.h53\",\n \"systemd-sysv-219-30.6.h53\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:51:16", "description": "According to the versions of the systemd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog.\n A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.(CVE-2018-16864)\n\n - An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.(CVE-2018-16865)\n\n - An issue was discovered in sd-bus in systemd 239.\n bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).(CVE-2019-6454)\n\n - A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.(CVE-2018-1049)\n\n - It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.(CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : systemd (EulerOS-SA-2019-1412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1049", "CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2019-6454"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libgudev1", "p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-networkd", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-resolved", "p-cpe:/a:huawei:euleros:systemd-sysv", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1412.NASL", "href": "https://www.tenable.com/plugins/nessus/124915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124915);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\n \"CVE-2018-1049\",\n \"CVE-2018-15688\",\n \"CVE-2018-16864\",\n \"CVE-2018-16865\",\n \"CVE-2019-6454\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : systemd (EulerOS-SA-2019-1412)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory\n region, was discovered in systemd-journald when a\n program with long command line arguments calls syslog.\n A local attacker may use this flaw to crash\n systemd-journald or escalate his privileges. Versions\n through v240 are vulnerable.(CVE-2018-16864)\n\n - An allocation of memory without limits, that could\n result in the stack clashing with another memory\n region, was discovered in systemd-journald when many\n entries are sent to the journal socket. A local\n attacker, or a remote one if systemd-journal-remote is\n used, may use this flaw to crash systemd-journald or\n execute code with journald privileges. Versions through\n v240 are vulnerable.(CVE-2018-16865)\n\n - An issue was discovered in sd-bus in systemd 239.\n bus_process_object() in libsystemd/sd-bus/bus-objects.c\n allocates a variable-length stack buffer for\n temporarily storing the object path of incoming D-Bus\n messages. An unprivileged local user can exploit this\n by sending a specially crafted message to PID1, causing\n the stack pointer to jump over the stack guard pages\n into an unmapped memory region and trigger a denial of\n service (systemd PID1 crash and kernel\n panic).(CVE-2019-6454)\n\n - A race condition was found in systemd. This could\n result in automount requests not being serviced and\n processes using them could hang, causing denial of\n service.(CVE-2018-1049)\n\n - It was discovered that systemd-network does not\n correctly keep track of a buffer size when constructing\n DHCPv6 packets. This flaw may lead to an integer\n underflow that can be used to produce an heap-based\n buffer overflow. A malicious host on the same network\n segment as the victim's one may advertise itself as a\n DHCPv6 server and exploit this flaw to cause a Denial\n of Service or potentially gain code execution on the\n victim's machine.(CVE-2018-15688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1412\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c0b4fd4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libgudev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-networkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-resolved\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libgudev1-219-57.h82\",\n \"systemd-219-57.h82\",\n \"systemd-libs-219-57.h82\",\n \"systemd-networkd-219-57.h82\",\n \"systemd-python-219-57.h82\",\n \"systemd-resolved-219-57.h82\",\n \"systemd-sysv-219-57.h82\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:18:17", "description": "According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\n - systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\n - systemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\n - systemd: Assertion failure when PID 1 receives a zero-length message over notify socket(CVE-2016-7795)\n\n - systemd: Unsafe handling of hard links allowing privilege escalation(CVE-2017-18078)\n\n - systemd: Out-of-bounds write in systemd-resolved due to allocating too small buffer in dns_packet_new(CVE-2017-9445)\n\n - systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 (CVE-2019-3815)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-1045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7795", "CVE-2017-18078", "CVE-2017-9445", "CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2019-3815"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:systemd", "p-cpe:/a:huawei:euleros:systemd-devel", "p-cpe:/a:huawei:euleros:systemd-libs", "p-cpe:/a:huawei:euleros:systemd-python", "p-cpe:/a:huawei:euleros:systemd-sysv", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/122218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122218);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\n \"CVE-2016-7795\",\n \"CVE-2017-9445\",\n \"CVE-2017-18078\",\n \"CVE-2018-15688\",\n \"CVE-2018-16864\",\n \"CVE-2018-16865\",\n \"CVE-2019-3815\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-1045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the systemd packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - systemd: Out-of-bounds heap write in systemd-networkd\n dhcpv6 option handling (CVE-2018-15688)\n\n - systemd: stack overflow when calling syslog from a\n command with long cmdline (CVE-2018-16864)\n\n - systemd: stack overflow when receiving many journald\n entries (CVE-2018-16865)\n\n - systemd: Assertion failure when PID 1 receives a\n zero-length message over notify socket(CVE-2016-7795)\n\n - systemd: Unsafe handling of hard links allowing\n privilege escalation(CVE-2017-18078)\n\n - systemd: Out-of-bounds write in systemd-resolved due to\n allocating too small buffer in\n dns_packet_new(CVE-2017-9445)\n\n - systemd: memory leak in journald-server.c introduced by\n fix for CVE-2018-16864 (CVE-2019-3815)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1045\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6909a6e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected systemd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15688\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:systemd-sysv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"systemd-219-57.h71.eulerosv2r7\",\n \"systemd-devel-219-57.h71.eulerosv2r7\",\n \"systemd-libs-219-57.h71.eulerosv2r7\",\n \"systemd-python-219-57.h71.eulerosv2r7\",\n \"systemd-sysv-219-57.h71.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2022-06-08T05:15:59", "description": "It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-13T06:45:36", "type": "redhatcve", "title": "CVE-2018-15688", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2022-06-08T05:01:06", "id": "RH:CVE-2018-15688", "href": "https://access.redhat.com/security/cve/cve-2018-15688", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-02-10T00:00:00", "description": "Felix Wilhelm discovered that the systemd-networkd DHCPv6 client \nincorrectly handled certain DHCPv6 messages. In configurations where \nsystemd-networkd is being used, an attacker on the same network could use \nthis issue to cause systemd-networkd to crash, resulting in a denial of \nservice, or possibly execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "ubuntu", "title": "systemd vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-11-05T00:00:00", "id": "USN-3806-1", "href": "https://ubuntu.com/security/notices/USN-3806-1", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2022-02-10T00:00:00", "description": "**Issue Overview:**\n\nIt was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.(CVE-2018-15688)\n\n \n**Affected Packages:** \n\n\nNetworkManager\n\n \n**Issue Correction:** \nRun _yum update NetworkManager_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 NetworkManager-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-adsl-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-bluetooth-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-team-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-wifi-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-wwan-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-ppp-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-glib-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-glib-devel-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-libnm-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-libnm-devel-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-tui-1.12.0-8.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 NetworkManager-debuginfo-1.12.0-8.amzn2.0.2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 NetworkManager-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-adsl-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-bluetooth-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-team-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-wifi-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-wwan-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-ppp-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-glib-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-glib-devel-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-libnm-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-libnm-devel-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-tui-1.12.0-8.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 NetworkManager-debuginfo-1.12.0-8.amzn2.0.2.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 NetworkManager-config-server-1.12.0-8.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 NetworkManager-dispatcher-routing-rules-1.12.0-8.amzn2.0.2.noarch \n \n src: \n \u00a0\u00a0\u00a0 NetworkManager-1.12.0-8.amzn2.0.2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 NetworkManager-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-adsl-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-bluetooth-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-team-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-wifi-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-wwan-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-ppp-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-glib-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-glib-devel-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-libnm-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-libnm-devel-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-tui-1.12.0-8.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 NetworkManager-debuginfo-1.12.0-8.amzn2.0.2.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-07T22:07:00", "type": "amazon", "title": "Important: NetworkManager", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2019-01-09T01:11:00", "id": "ALAS2-2019-1144", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1144.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-10T00:00:00", "description": "**Issue Overview:**\n\nAn allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.(CVE-2018-16864)\n\nIt was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.(CVE-2018-15688)\n\nAn allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.(CVE-2018-16865)\n\n \n**Affected Packages:** \n\n\nsystemd\n\n \n**Issue Correction:** \nRun _yum update systemd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 systemd-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 systemd-libs-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 systemd-devel-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 systemd-sysv-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 systemd-python-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 libgudev1-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 libgudev1-devel-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 systemd-journal-gateway-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 systemd-networkd-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 systemd-resolved-219-57.amzn2.0.8.aarch64 \n \u00a0\u00a0\u00a0 systemd-debuginfo-219-57.amzn2.0.8.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 systemd-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 systemd-libs-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 systemd-devel-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 systemd-sysv-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 systemd-python-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 libgudev1-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 libgudev1-devel-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 systemd-journal-gateway-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 systemd-networkd-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 systemd-resolved-219-57.amzn2.0.8.i686 \n \u00a0\u00a0\u00a0 systemd-debuginfo-219-57.amzn2.0.8.i686 \n \n src: \n \u00a0\u00a0\u00a0 systemd-219-57.amzn2.0.8.src \n \n x86_64: \n \u00a0\u00a0\u00a0 systemd-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 systemd-libs-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 systemd-devel-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 systemd-sysv-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 systemd-python-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 libgudev1-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 libgudev1-devel-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 systemd-journal-gateway-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 systemd-networkd-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 systemd-resolved-219-57.amzn2.0.8.x86_64 \n \u00a0\u00a0\u00a0 systemd-debuginfo-219-57.amzn2.0.8.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-13T18:37:00", "type": "amazon", "title": "Important: systemd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2019-02-14T04:04:00", "id": "ALAS2-2019-1160", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1160.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2022-02-10T00:00:00", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nFelix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2018-15688\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 170.x versions prior to 170.6\n * 97.x versions prior to 97.33\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.35.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 170.x versions to 170.6\n * Upgrade 97.x versions to 97.33\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.35.0 or later.\n\n# References\n\n * [USN-3806-1](<https://usn.ubuntu.com/3806-1>)\n * [CVE-2018-15688](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15688>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-20T00:00:00", "type": "cloudfoundry", "title": "USN-3806-1: systemd vulnerability | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-11-20T00:00:00", "id": "CFOUNDRY:47ECCE360A3CA7D7D9F45EB019C00E9D", "href": "https://www.cloudfoundry.org/blog/usn-3806-1/", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nPowerKVM is affected by a vulnerability in systemd (NetworkManager). IBM has now addressed this vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15688](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688>) \n**DESCRIPTION:** systemd is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the dhcp6 client. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152041> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.\n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n8 Jan 2019 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-04T05:55:02", "type": "ibm", "title": "Security Bulletin: A vulnerability in NetworkManager affects PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2019-03-04T05:55:02", "id": "F46A4C43F77DC9BD8DC54150842759039BC0DD99D85EC00E2DEF629A08702F73", "href": "https://www.ibm.com/support/pages/node/794307", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in systemd. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-16865](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16865>) \n**DESCRIPTION:** systemd is vulnerable to a denial of service, caused by a memory corruption flaw when calling the alloca function. By sending specially-crafted command arguments, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155359> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-16864](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16864>) \n**DESCRIPTION:** systemd is vulnerable to a denial of service, caused by a memory corruption flaw when calling the syslog function. By sending specially-crafted command arguments, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155358> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-15688](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688>) \n**DESCRIPTION:** systemd is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the dhcp6 client. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152041> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2019-3815](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3815>) \n**DESCRIPTION:** systemd is vulnerable to a denial of service, caused by a memory leak in the function dispatch_message_real() in journald-server.c. A local attacker could exploit this vulnerability to make systemd-journald crash. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156227> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-6454](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454>) \n**DESCRIPTION:** systemd is vulnerable to a denial of service, caused by a flaw in the bus_process_object function in bus-objects.c. By sending a specially-crafted DBUS nessage, a local authenticated attacker could exploit this vulnerability to crash PID 1 and result in a subsequent kernel panic. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157193> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.\n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n24 January 2019 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-04T05:50:01", "type": "ibm", "title": "Security Bulletin: Vulnerabiliies in systemd affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2019-3815", "CVE-2019-6454"], "modified": "2019-03-04T05:50:01", "id": "54FB6726805D886796865FF32608051BEE914B969DCB3300B1E662574A92A04E", "href": "https://www.ibm.com/support/pages/node/869078", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:40:46", "description": "## Summary\n\nMultiple security vulnerabilities have been identified and fixed in the IBM Security Privileged Identity Manager Appliance.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1049](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1049>) \n**DESCRIPTION:** Systemd is vulnerable to a denial of service, caused by a race condition between .mount and .automount units. A remote authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138105> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-3738](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136078> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3737](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the \\\"error state\\\" mechanism when directly calling SSL_read() or SSL_write() for an SSL object after receiving a fatal error. An attacker could exploit this vulnerability to bypass the decryption or encryption process and perform unauthorized actions. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-3736](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-6464](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service. A remote authenticated attacker could exploit this vulnerability using a malformed mode configuration directive to cause the application to crash. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123610> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-6463](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service. By sending an invalid setting, a remote authenticated attacker could exploit this vulnerability using the :config directive to cause the daemon to crash. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123612> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-6462](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service, caused by a buffer overflow in the legacy Datum Programmable Time Server refclock driver. By sending specially crafted packets, a local authenticated attacker could exploit this vulnerability to overflow a buffer and cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123611> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3639](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639>) \n**DESCRIPTION:** Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or \"SpectreNG\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143569> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-11368](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368>) \n**DESCRIPTION:** MIT Kerberos 5 is vulnerable to a denial of service, caused by a KDC assertion failure. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause memory allocation failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130207> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-7562](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7562>) \n**DESCRIPTION:** MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by the improper validation of a forged certificate EKU and SAN. An attacker could exploit vulnerability to gain unauthorized access to the system to impersonate arbitrary principals under rare and erroneous circumstances. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143332> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2017-1000407](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000407>) \n**DESCRIPTION:** Linux Kernel, built with the KVM virtualization(CONFIG_KVM) support, is vulnerable to a denial of service, caused by improper validation of user-supplied input at the diagnostic port. By flooding the diagnostic port 0x80, a remote authenticated attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136235> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-18017](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18017>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c. By leveraging the presence of xt_TCPMSS in an iptables action, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137122> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-15116](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15116>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by NULL pointer dereference in the rngapi_reset function in crypto/rng.c. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135735> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-15670](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670>) \n**DESCRIPTION:** GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133915> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-12132](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132>) \n**DESCRIPTION:** GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/129949> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2015-5180](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180>) \n**DESCRIPTION:** glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130620> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1000199](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000199>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a ptrace() error handling flaw. By invoking the modify_user_hw_breakpoint() function, a local attacker could exploit this vulnerability to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142654> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-8897](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897>) \n**DESCRIPTION:** Multiple operating systems could allow a local authenticated attacker to gain elevated privileges on the system, caused by developer interpretation of hardware debug exception documentation for the MOV to SS and POP SS instructions. An attacker could exploit this vulnerability using operating system APIs to obtain sensitive memory information or control low-level operating system functions and other unexpected behavior. \nCVSS Base Score: 7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142242> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1091](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1091>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a missing processor feature check in the flush_tmregs_to_thread function. A local attacker could exploit this vulnerability to cause the guest kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140892> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1087](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1087>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of exceptions delivered after a stack switch operation using the MOV to SS and POP SS instructions by the KVM hypervisor. An attacker could exploit this vulnerability to gain elevated privileges or cause the guest to crash. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142976> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1068](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1068>) \n**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the implementation of 32 bit syscall interface. An attacker could exploit this vulnerability to gain root privileges on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-16939](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16939>) \n**DESCRIPTION:** Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by an use-after-free in the Netlink socket subsystem XFRM. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain privileges. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135317> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1113](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1113>) \n**DESCRIPTION:** Setup Project could allow a remote attacker to bypass security restrictions, caused by an issue with adding /sbin/nologin and /usr/sbin/nologin to /etc/shells. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147843> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-0494](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494>) \n**DESCRIPTION:** GNU Wget could allow a remote attacker to bypass security restrictions, caused by the failure to properly process Set-Cookie responses. By sending a specially-crafted Set-Cookie -header request, an attacker could exploit this vulnerability to inject arbitrary cookies into the cookie jar file and set and modify cookies on the target system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142899> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2017-1000050](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000050>) \n**DESCRIPTION:** JasPer is vulnerable to a denial of service, caused by a NULL pointer exception in the jp2_encode function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130253> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2016-9396](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9396>) \n**DESCRIPTION:** JasPer is vulnerable to a denial of service, caused by an error in the JPC_NOMINALGAIN function in jpc_t1cod.c. By using unspecified vectors, an attacker could exploit this vulnerability to trigger an assertion failure. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123690> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1061](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061>) \n**DESCRIPTION:** Python is vulnerable to a denial of service, caused by catastrophic backtracking in the difflib.IS_LINE_JUNK method. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145115> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1060](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060>) \n**DESCRIPTION:** Python is vulnerable to a denial of service, caused by catastrophic backtracking in the pop3lib''s apop() method. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145116> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10846](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846>) \n**DESCRIPTION:** GnuTLS could allow a local authenticated attacker to obtain sensitive information, caused by a cache-based side channel issue. By using a combination of Just in Time Prime+probe attack in combination with Lucky-13 attack, a remote attacker could exploit this vulnerability to recover plain text and obtain information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148725> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-10845](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845>) \n**DESCRIPTION:** GnuTLS could allow a remote attacker to obtain sensitive information, caused by a flaw in the implementation of HMAC-SHA-384. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to obtain information. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148730> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-10844](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844>) \n**DESCRIPTION:** GnuTLS could allow a remote attacker to obtain sensitive information, caused by a flaw in the implementation of HMAC-SHA-256. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to obtain information. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148731> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-5730](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730>) \n**DESCRIPTION:** MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the LDAP Kerberos database. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass DN container check. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-5729](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729>) \n**DESCRIPTION:** MIT krb5 is vulnerable to a denial of service, caused by a NULL pointer dereference in the LDAP Kerberos database. By sending specially-crafted data, a remote authenticated attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139969> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-5391](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust all available CPU resources and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148388> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-15688](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688>) \n**DESCRIPTION:** systemd is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the dhcp6 client. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152041> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-1618](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1618>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144343> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1640](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1640>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144580> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1680](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1680>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145236> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1680](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1680>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145236> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1622](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1622>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144348> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-1623](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1623>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance allows web pages to be stored locally which can be read by another user on the system. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144408> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1626](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1626>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144411> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1625](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1625>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144410> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-5725](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5725>) \n**DESCRIPTION:** JSch could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the implementation for recursive sftp-get containing \"dot dot\" sequences (/../) to download the malicious files outside the client download base directory. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117122> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n#### CVE Information: (copy/paste-able; will update after page submission. Provided by system to make it easy to cut and paste data.)\n\n**CVEID:** [CVE-2016-1182](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2016-1181](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-0114](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2015-0899](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0899>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2016-0705](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1428](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1428>) \n**DESCRIPTION:** IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139073> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1427](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1427>) \n**DESCRIPTION:** IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139072> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1426](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1426>) \n**DESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139071> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-1567](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1567>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143024> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1719](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1719>) \n**DESCRIPTION:** IBM WebSphere Application Server could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147292> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2014-7810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103155> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2018-1794](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1794>) \n**DESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148949> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-1767](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1767>) \n**DESCRIPTION:** IBM WebSphere Application Server Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148621> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-1901](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1901>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-1904](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1904>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152533> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3139](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3139>)\n\n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2677](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2641](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2783](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-1656](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2973](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-1517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-2964](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12539](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Privileged Identity Manager 2.1.1\n\n## Remediation/Fixes\n\nProduct | VRMF | Remediation/First Fix \n---|---|--- \nIBM Security Privileged Identity Manager | 2.1.1 | [2.1.1-ISS-ISPIM-VA-FP0002](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=All&function=fixId&fixids=2.1.1-ISS-ISPIM-VA-FP0002&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n29 March 2019: Original Version Published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nAdvisory ids: 11300, 11943, 11982. 12275, 12239, 12141, 12393, 12569, 13834, 13856, 13887, 13942, 14006. 14095, 14228, 14936, 12166, 12213, 12224, 12167, 12205, 12206, 12208, 12209, 12202, 12203, 11295, 11846, 12744, 13142, 12982, 12873, 13768, 13303, 13768, 13809, 10955, 11819, 12959\n\nProduct Records: 112064, 114977, 115026, 116483, 116623, 118055, 118344, 121198, 124575, 125014, 125619, 126182, 126311, 126439, 127307, 129525, 116150, 116290, 116305, 116151, 116278, 116279, 116281, 116282, 116285, 116287, 111858, 121139, 121500, 123361, 123696, 124234, 127808, 127991, 127859, 124904, 111046, 114622, 120197\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSRQBP\",\"label\":\"IBM Security Privileged Identity Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}] \n\n## Product Synonym\n\nISPIM", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-17T15:34:01", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114", "CVE-2014-7810", "CVE-2015-0899", "CVE-2015-5180", "CVE-2016-0701", "CVE-2016-0705", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-5725", "CVE-2016-9396", "CVE-2017-1000050", "CVE-2017-1000407", "CVE-2017-11368", "CVE-2017-12132", "CVE-2017-15116", "CVE-2017-15670", "CVE-2017-16939", "CVE-2017-18017", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464", "CVE-2017-7562", "CVE-2018-0494", "CVE-2018-1000199", "CVE-2018-1049", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-1068", "CVE-2018-10844", "CVE-2018-10845", "CVE-2018-10846", "CVE-2018-1087", "CVE-2018-1091", "CVE-2018-1113", "CVE-2018-12539", "CVE-2018-13785", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428", "CVE-2018-1517", "CVE-2018-1567", "CVE-2018-15688", "CVE-2018-1618", "CVE-2018-1622", "CVE-2018-1623", "CVE-2018-1625", "CVE-2018-1626", "CVE-2018-1640", "CVE-2018-1656", "CVE-2018-1680", "CVE-2018-1719", "CVE-2018-1767", "CVE-2018-1794", "CVE-2018-1901", "CVE-2018-1904", "CVE-2018-2641", "CVE-2018-2677", "CVE-2018-2783", "CVE-2018-2964", "CVE-2018-2973", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214", "CVE-2018-3639", "CVE-2018-5391", "CVE-2018-5729", "CVE-2018-5730", "CVE-2018-8897"], "modified": "2019-09-17T15:34:01", "id": "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "href": "https://www.ibm.com/support/pages/node/879093", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "photon": [{"lastseen": "2021-11-03T21:01:14", "description": "An update of {'systemd'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-06T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2018-2.0-0107", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-11-06T00:00:00", "id": "PHSA-2018-2.0-0107", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-107", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-25T02:27:43", "description": "Updates of ['systemd'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-07T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2018-0107", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-11-07T00:00:00", "id": "PHSA-2018-0107", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-107", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:05:37", "description": "Updates of ['libxml2', 'systemd'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-06T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2018-0193", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14404", "CVE-2018-15688"], "modified": "2018-11-06T00:00:00", "id": "PHSA-2018-0193", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-193", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T11:51:33", "description": "An update of {'systemd', 'libxml2'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-06T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2018-1.0-0193", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14404", "CVE-2018-15688"], "modified": "2018-11-06T00:00:00", "id": "PHSA-2018-1.0-0193", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-193", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-02-10T00:00:00", "description": "A buffer overflow vulnerability in the dhcp6 client of systemd allows a\nmalicious dhcp6 server to overwrite heap memory in systemd-networkd.\nAffected releases are systemd: versions up to and including 239.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912008>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-26T00:00:00", "type": "ubuntucve", "title": "CVE-2018-15688", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-10-26T00:00:00", "id": "UB:CVE-2018-15688", "href": "https://ubuntu.com/security/CVE-2018-15688", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:50:50", "description": "**CentOS Errata and Security Advisory** CESA-2018:3665\n\n\nNetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.\n\nSecurity Fix(es):\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2018-December/060035.html\n\n**Affected packages:**\nNetworkManager\nNetworkManager-adsl\nNetworkManager-bluetooth\nNetworkManager-config-server\nNetworkManager-dispatcher-routing-rules\nNetworkManager-glib\nNetworkManager-glib-devel\nNetworkManager-libnm\nNetworkManager-libnm-devel\nNetworkManager-ovs\nNetworkManager-ppp\nNetworkManager-team\nNetworkManager-tui\nNetworkManager-wifi\nNetworkManager-wwan\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2018:3665", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-13T20:45:55", "type": "centos", "title": "NetworkManager security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-12-13T20:45:55", "id": "CESA-2018:3665", "href": "https://lists.centos.org/pipermail/centos-announce/2018-December/060035.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T11:50:48", "description": "**CentOS Errata and Security Advisory** CESA-2019:0049\n\n\nThe systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.\n\nSecurity Fix(es):\n\n* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)\n\n* systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)\n\n* systemd: stack overflow when receiving many journald entries (CVE-2018-16865)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ubuntu Security Team for reporting CVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864 and CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of CVE-2018-15688.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2019-January/060062.html\n\n**Affected packages:**\nlibgudev1\nlibgudev1-devel\nsystemd\nsystemd-devel\nsystemd-journal-gateway\nsystemd-libs\nsystemd-networkd\nsystemd-python\nsystemd-resolved\nsystemd-sysv\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2019:0049", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-15T11:38:56", "type": "centos", "title": "libgudev1, systemd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2019-01-15T11:38:56", "id": "CESA-2019:0049", "href": "https://lists.centos.org/pipermail/centos-announce/2019-January/060062.html", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:28", "description": "[1:1.12.0-8]\n- dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-27T00:00:00", "type": "oraclelinux", "title": "NetworkManager security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-11-27T00:00:00", "id": "ELSA-2018-3665", "href": "http://linux.oracle.com/errata/ELSA-2018-3665.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:25:05", "description": "[219-62.0.4]\n- do not create utmp update symlinks for reboot and poweroff [Orabug: 27854896]\n- OL7 udev rule for virtio net standby interface [Orabug: 28826743]\n- fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792] (tony.l.lam@oracle.com)\n- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874]\n- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]\n- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]\n[219-62.2]\n- journald: do not store the iovec entry for process commandline on stack (#1657788)\n- journald: set a limit on the number of fields (1k) (#1657792)\n- journal-remote: set a limit on the number of fields in a message (#1657792)\n[219-62.1]\n- dhcp6: make sure we have enough space for the DHCP6 option header (CVE-2018-15688)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-14T00:00:00", "type": "oraclelinux", "title": "systemd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865"], "modified": "2019-01-14T00:00:00", "id": "ELSA-2019-0049", "href": "http://linux.oracle.com/errata/ELSA-2019-0049.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-27T02:28:47", "description": "[219-67.0.1]\n- do not create utmp update symlinks for reboot and poweroff [Orabug: 27854896]\n- OL7 udev rule for virtio net standby interface [Orabug: 28826743]\n- fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792] (tony.l.lam@oracle.com)\n- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874]\n- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]\n- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]\n[219-67]\n- fix mis-merge (#1714503)\n- fs-util: chase_symlinks(): prevent double fre (#1714782)\n[219-66]\n- sd-bus: unify three code-paths which free struct bus_container (#1643394)\n- hashmap: dont use mempool (#1609349)\n- man: be more explicit about thread safety of sd_journal (#1609349)\n- selinux: dont log SELINUX_INFO and SELINUX_WARNING messages to audit (#1240730)\n[219-65]\n- backport fd_is_fs_type (#1663143)\n- backport chase_symlinks (#1663143)\n- fs-util: add new CHASE_SAFE flag to chase_symlinks() (#1663143)\n- fs-util: add new chase_symlinks() flag CHASE_OPEN (#1663143)\n- sd-dameon: also sent ucred when our UID differs from EUID (#1663143)\n- notify: add new --uid= command (#1663143)\n- core: be stricter when handling PID files and MAINPID sd_notify() messages (#1663143)\n- journald: respect KeepFree= as well as MaxUse= values (#1361893)\n- shutdown: in_container was used before its definition (#1693716)\n- core: Fix edge case when processing /proc/self/mountinfo (#1691511)\n- sd-bus: deal with cookie overruns (#1693559)\n- Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1667871)\n- Allocate temporary strings to hold dbus paths on the heap (#1667871)\n- sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1667871)\n- udev: check if the spawned PID didnt exit after reaping unexpected PID (#1697909)\n- udev: call poll() again after killing the spawned process (#1697909)\n- udev: check age against both timeouts to prevent integer wraparound (#1697909)\n- avoid possible hang if our child process hangs (#1697909)\n- missing: when adding syscall replacements, use different names (#1694605)\n- include sys/sysmacros.h in more places (#1694605)\n[219-64]\n- detect-virt: do not try to read all of /proc/cpuinfo (#1631531)\n- core: disable the effect of Restart= if theres a stop job pending for a service (#6581) (#1626382)\n- networkd: respect DHCP UseRoutes option (#1663365)\n- networkd: fix dhcp4 link without routes not being considered ready (#8728) (#1663365)\n- networkd: dont crash when mtu changes (#6594) (#1663365)\n- tmpfiles: 'e' takes globs (#1641764)\n- tmpfiles: 'e' is supposed to operate on directory only (#1641764)\n- tmpfiles: 'e' is supposed to accept shell-style globs (#1641764)\n- bus-message: do not crash on message with a string of zero length (#1643396)\n- Revert 'bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks' (#1643172)\n- set automount state to waiting when the mount is stopped (#1651257)\n- core: when deserializing state always use read_line(, LONG_LINE_MAX, ) (CVE-2018-15686)\n- shorten hostname before checking for trailing dot (#1631625)\n- journald: fixed assertion failure when system journal rotation fails (#9893) (#1619543)\n- local-addresses: handle gracefully if routes lack an RTA_OIF attribute (#1627750)\n- rules: fix memory hotplug rule so systemd-detect-virt does not run too often (#1666612)\n- 6647 - use path_startswith('/dev') in cryptsetup (#6732) (#1664695)\n- core: mount-setup: handle non-existing mountpoints gracefully (#1585411)\n- units/rescue.service.in: fix announcement message (#1660422)\n- systemctl: Allow 'edit' and 'cat' on unloaded units (#1649518)\n- main: improve RLIMIT_NOFILE handling (#5795) (#1585913)\n- shared/sleep-config: exclude zram devices from hibernation candidates (#1609816)\n- journalctl: allow --file/--directory with --boot or --list-boots (#1463678)\n- journalct: allow --boot=0 to DTRT with --file/--directory (#1463678)\n- journal-remote: show error message if output file name does not end with .journal (bz#1267552)\n- artificially serialize building of .policy files (#1272485)\n- cryptsetup: add support for sector-size= option (#9936) (#1571801)\n- cryptsetup: do not define arg_sector_size if libgcrypt is v1.x (#9990) (#1571801)\n- journal: fix syslog_parse_identifier() (#1657794)\n- journal: do not remove multiple spaces after identifier in syslog message (#1657794)\n- tmpfiles: change ownership of symlinks too (#1620110)\n- tmpfiles: fix check for figuring out whether to call chmod() (#1620110)\n- shared/install: allow 'enable' on linked unit files (#1628575)\n[219-63]\n- dhcp6: make sure we have enough space for the DHCP6 option header (CVE-2018-15688)\n- journald: do not store the iovec entry for process commandline on stack (#1657788)\n- journald: set a limit on the number of fields (1k) (#1657792)\n- journal-remote: set a limit on the number of fields in a message (#1657792)\n- journald: free cmdline buffers owned by iovec (#1666646)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-13T00:00:00", "type": "oraclelinux", "title": "systemd security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688", "CVE-2018-16866", "CVE-2018-16888"], "modified": "2019-08-13T00:00:00", "id": "ELSA-2019-2091", "href": "http://linux.oracle.com/errata/ELSA-2019-2091.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband (WWAN), PPPoE and other devices, and supports a variety of different VPN services. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-04T05:53:43", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: NetworkManager-1.12.4-2.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-11-04T05:53:43", "id": "FEDORA:DB978619EB1C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6D5EHDWAX7OYO4OCUN45WYDWUF3HTDVG/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband (WWAN), PPPoE and other devices, and supports a variety of different VPN services. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-08T02:20:43", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: NetworkManager-1.10.12-2.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-11-08T02:20:43", "id": "FEDORA:5DE3B649CE94", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UW55P34B3PEDZZ55K5Q6DY5LMXRWED2Z/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband (WWAN), PPPoE and other devices, and supports a variety of different VPN services. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-16T03:42:02", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: NetworkManager-1.8.8-2.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-11-16T03:42:02", "id": "FEDORA:BFFEE66469AF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IIORNVJ3LRLCNPZWBPYIS3NJF5WXIQQ6/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-29T10:41:44", "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users and running containers and virtual machines, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-01T15:07:57", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: systemd-239-6.git9f3aed1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"], "modified": "2018-11-01T15:07:57", "id": "FEDORA:C7A34627CF63", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZIW3U6K2IVST5QJRIY2JLSR32C732ZZR/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-29T10:41:44", "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users and running containers and virtual machines, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-04T22:10:03", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: systemd-238-10.git438ac26.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"], "modified": "2018-11-04T22:10:03", "id": "FEDORA:353CF60468D9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GDWAO2SXI45GQ5PBFG3KWYVCHBVYCND4/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-27T10:47:48", "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-13T02:32:41", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: systemd-239-8.gite339eae.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16866"], "modified": "2019-01-13T02:32:41", "id": "FEDORA:AB5346014BB3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2GTRZSLLKWS4R35VD34M4NR4TLVNRTBA/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-10T00:00:00", "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-11T01:57:56", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: systemd-239-11.git4dc7dce.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16866"], "modified": "2019-02-11T01:57:56", "id": "FEDORA:D208C60874AA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N5OLTVMFMAQMZPEOF5UNGZ7XJ2XTQSOM/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-10T00:00:00", "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users and running containers and virtual machines, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-18T01:26:53", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: systemd-238-11.gita76ee90.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16866"], "modified": "2019-02-18T01:26:53", "id": "FEDORA:C8F726082DB8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XUX2VFQ5ZOLCOLUYLW52BQYNSNQCOJKI/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-10T00:00:00", "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-22T03:14:37", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: systemd-239-12.git8bca462.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16866", "CVE-2019-6454"], "modified": "2019-02-22T03:14:37", "id": "FEDORA:AFDBD60E76E0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-10T00:00:00", "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users and running containers and virtual machines, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-08T21:40:23", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: systemd-238-12.git07f8cd5.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16866", "CVE-2019-6454"], "modified": "2019-03-08T21:40:23", "id": "FEDORA:D013361742CE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/U6G3TTXTNADCQ3KZN3HQMFELXTZBWNOP/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-10T00:00:00", "description": "systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts of this package are a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-19T01:53:44", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: systemd-239-14.git33ccd62.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16866", "CVE-2019-15718", "CVE-2019-6454"], "modified": "2019-09-19T01:53:44", "id": "FEDORA:E66CE6076F5E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-06-24T18:05:08", "description": "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-26T14:29:00", "type": "debiancve", "title": "CVE-2018-15688", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15688"], "modified": "2018-10-26T14:29:00", "id": "DEBIANCVE:CVE-2018-15688", "href": "https://security-tracker.debian.org/tracker/CVE-2018-15688", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-11-10T02:37:48", "description": "This update for systemd fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of\n systemd allowed a malicious dhcp6 server to overwrite heap memory in\n systemd-networkd. (bsc#1113632)\n - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an\n attacker to supply arbitrary state across systemd re-execution via\n NotifyAccess. This can be used to improperly influence systemd execution\n and possibly lead to root privilege escalation. (bsc#1113665)\n\n Non security issues fixed:\n\n - dhcp6: split assert_return() to be more debuggable when hit\n - core: skip unit deserialization and move to the next one when\n unit_deserialize() fails\n - core: properly handle deserialization of unknown unit types (#6476)\n - core: don't create Requires for workdir if "missing ok" (bsc#1113083)\n - logind: use manager_get_user_by_pid() where appropriate\n - logind: rework manager_get_{user|session}_by_pid() a bit\n - login: fix user@.service case, so we don't allow nested sessions (#8051)\n (bsc#1112024)\n - core: be more defensive if we can't determine per-connection socket peer\n (#7329)\n - core: introduce systemd.early_core_pattern= kernel cmdline option\n - core: add missing 'continue' statement\n - core/mount: fstype may be NULL\n - journald: don't ship systemd-journald-audit.socket (bsc#1109252)\n - core: make "tmpfs" dependencies on swapfs a "default" dep, not an\n "implicit" (bsc#1110445)\n - mount: make sure we unmount tmpfs mounts before we deactivate swaps\n (#7076)\n - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)\n - emergency: make sure console password agents don't interfere with the\n emergency shell\n - man: document that 'nofail' also has an effect on ordering\n - journald: take leading spaces into account in syslog_parse_identifier\n - journal: do not remove multiple spaces after identifier in syslog message\n - syslog: fix segfault in syslog_parse_priority()\n - journal: fix syslog_parse_identifier()\n - install: drop left-over debug message (#6913)\n - Ship systemd-sysv-install helper via the main package This script was\n part of systemd-sysvinit sub-package but it was wrong since\n systemd-sysv-install is a script used to redirect enable/disable\n operations to chkconfig when the unit targets are sysv init scripts.\n Therefore it's never been a SySV init tool.\n - Add udev.no-partlabel-links kernel command-line option. This option can\n be used to disable the generation of the by-partlabel symlinks\n regardless of the name used. (bsc#1089761)\n - man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)\n - systemctl: load unit if needed in "systemctl is-active" (bsc#1102908)\n - core: don't freeze OnCalendar= timer units when the clock goes back a\n lot (bsc#1090944)\n - Enable or disable machines.target according to the presets (bsc#1107941)\n - cryptsetup: add support for sector-size= option (fate#325697)\n - nspawn: always use permission mode 555 for /sys (bsc#1107640)\n - Bugfix for a race condition between daemon-reload and other commands\n (bsc#1105031)\n - Fixes an issue where login with root credentials was not possible in\n init level 5 (bsc#1091677)\n - Fix an issue where services of type "notify" harmless DENIED log\n entries. (bsc#991901)\n - Does no longer adjust qgroups on existing subvolumes (bsc#1093753)\n - cryptsetup: add support for sector-size= option (#9936) (fate#325697\n bsc#1114135)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-11-10T00:11:51", "type": "suse", "title": "Security update for systemd (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2018-11-10T00:11:51", "id": "OPENSUSE-SU-2018:3695-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00007.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-17T02:48:05", "description": "This update for systemd fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of\n systemd allowed a malicious dhcp6 server to overwrite heap memory in\n systemd-networkd. (bsc#1113632)\n - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an\n attacker to supply arbitrary state across systemd re-execution via\n NotifyAccess. This can be used to improperly influence systemd execution\n and possibly lead to root privilege escalation. (bsc#1113665)\n\n Non-security issues fixed:\n\n - dhcp6: split assert_return() to be more debuggable when hit\n - core: skip unit deserialization and move to the next one when\n unit_deserialize() fails\n - core: properly handle deserialization of unknown unit types (#6476)\n - core: don't create Requires for workdir if "missing ok" (bsc#1113083)\n - logind: use manager_get_user_by_pid() where appropriate\n - logind: rework manager_get_{user|session}_by_pid() a bit\n - login: fix user@.service case, so we don't allow nested sessions (#8051)\n (bsc#1112024)\n - core: be more defensive if we can't determine per-connection socket peer\n (#7329)\n - socket-util: introduce port argument in sockaddr_port()\n - service: fixup ExecStop for socket-activated shutdown (#4120)\n - service: Continue shutdown on socket activated unit on termination\n (#4108) (bsc#1106923)\n - cryptsetup: build fixes for "add support for sector-size= option"\n - udev-rules: IMPORT cmdline does not recognize keys with similar names\n (bsc#1111278)\n - core: keep the kernel coredump defaults when systemd-coredump is disabled\n - core: shorten main() a bit, split out coredump initialization\n - core: set RLIMIT_CORE to unlimited by default (bsc#1108835)\n - core/mount: fstype may be NULL\n - journald: don't ship systemd-journald-audit.socket (bsc#1109252)\n - core: make "tmpfs" dependencies on swapfs a "default" dep, not an\n "implicit" (bsc#1110445)\n - mount: make sure we unmount tmpfs mounts before we deactivate swaps\n (#7076)\n - tmp.mount.hm4: After swap.target (#3087)\n\n - Ship systemd-sysv-install helper via the main package This script was\n part of systemd-sysvinit sub-package but it was wrong since\n systemd-sysv-install is a script used to redirect enable/disable\n operations to chkconfig when the unit targets are sysv init scripts.\n Therefore it's never been a SySV init tool.\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2018-11-17T00:16:31", "type": "suse", "title": "Security update for systemd (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-15686", "CVE-2018-15688"], "modified": "2018-11-17T00:16:31", "id": "OPENSUSE-SU-2018:3803-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00025.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2022-02-10T00:00:00", "description": "### Background\n\nA system and service manager.\n\n### Description\n\nMultiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker could possibly execute arbitrary code, cause a Denial of Service condition, or gain escalated privileges. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll systemd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/systemd-239-r2\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "gentoo", "title": "systemd: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"], "modified": "2018-10-30T00:00:00", "id": "GLSA-201810-10", "href": "https://security.gentoo.org/glsa/201810-10", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2022-02-10T00:00:00", "description": "Arch Linux Security Advisory ASA-201811-11\n==========================================\n\nSeverity: Critical\nDate : 2018-11-07\nCVE-ID : CVE-2018-15686 CVE-2018-15687 CVE-2018-15688\nPackage : systemd\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-789\n\nSummary\n=======\n\nThe package systemd before version 239.300-1 is vulnerable to multiple\nissues including arbitrary code execution and privilege escalation.\n\nResolution\n==========\n\nUpgrade to 239.300-1.\n\n# pacman -Syu \"systemd>=239.300-1\"\n\nThe problems have been fixed upstream in version 239.300.\n\nWorkaround\n==========\n\n- CVE-2018-15688\n\nDisable IPv6 by setting either LinkLocalAddressing=ipv4 or\nLinkLocalAddressing=no in the corresponding network configuration file.\n\nDescription\n===========\n\n- CVE-2018-15686 (privilege escalation)\n\nA security issue has been found in systemd up to and including 239,\nwhere the use of fgets() allows an attacker to escalate privilege via a\ncrafted service with NotifyAccess.\n\n- CVE-2018-15687 (privilege escalation)\n\nA security issue has been found in systemd up to and including 239,\nwhere a race condition in the chown_one() function can be used to\nescalate privileges via a crafted symlink.\n\n- CVE-2018-15688 (arbitrary code execution)\n\nAn out-of-bounds write has been found in the dhcpv6 option handing code\nof systemd-networkd up to and including v239.\n\nIt was discovered that systemd-network does not correctly keep track of\na buffer size in the dhcp6_option_append_ia() function, when\nconstructing DHCPv6 packets. This flaw may lead to an integer underflow\nthat can be used to produce an heap-based buffer overflow. A malicious\nhost on the same network segment as the victim's one may advertise\nitself as a DHCPv6 server and exploit this flaw to cause a Denial of\nService or potentially gain code execution on the victim's machine. The\noverflow can be triggered relatively easy by advertising a DHCPv6\nserver with a server-id >= 493 characters long.\n\nImpact\n======\n\nA remote attacker is able to cause arbitrary code execution by\nadvertising itself as a DHCPv6 server with a specially crafted server-\nid. A local attacker can escalate privileges with a specially crafted\nservice or a crafted symlink.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/60609\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1687\nhttps://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402\nhttps://github.com/systemd/systemd/pull/10447\nhttps://github.com/systemd/systemd/pull/10450\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1689\nhttps://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796692\nhttps://github.com/systemd/systemd/pull/10517\nhttps://bugs.launchpad.net/ubuntu/%2Bsource/systemd/%2Bbug/1795921\nhttps://github.com/systemd/systemd/pull/10518\nhttps://github.com/poettering/systemd/commit/49653743f69658aeeebdb14faf1ab158f1f2cb20\nhttps://security.archlinux.org/CVE-2018-15686\nhttps://security.archlinux.org/CVE-2018-15687\nhttps://security.archlinux.org/CVE-2018-15688", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-07T00:00:00", "type": "archlinux", "title": "[ASA-201811-11] systemd: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15686", "CVE-2018-15687", "CVE-2018-15688"], "modified": "2018-11-07T00:00:00", "id": "ASA-201811-11", "href": "https://security.archlinux.org/ASA-201811-11", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2022-02-10T05:15:31", "description": "Package : systemd\nVersion : 215-17+deb8u8\nCVE ID : CVE-2018-1049 CVE-2018-15686 CVE-2018-15688\nDebian Bug : 912005 912008\n\nsystemd was found to suffer from multiple security vulnerabilities\nranging from denial of service attacks to possible root privilege\nescalation.\n\nCVE-2018-1049\n\n A race condition exists between .mount and .automount units such\n that automount requests from kernel may not be serviced by systemd\n resulting in kernel holding the mountpoint and any processes that\n try to use said mount will hang. A race condition like this may\n lead to denial of service, until mount points are unmounted.\n\nCVE-2018-15686\n\n A vulnerability in unit_deserialize of systemd allows an attacker\n to supply arbitrary state across systemd re-execution via\n NotifyAccess. This can be used to improperly influence systemd\n execution and possibly lead to root privilege escalation.\n\nCVE-2018-15688\n\n A buffer overflow vulnerability in the dhcp6 client of systemd\n allows a malicious dhcp6 server to overwrite heap memory in\n systemd-networkd, which is not enabled by default in Debian.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n215-17+deb8u8.\n\nWe recommend that you upgrade your systemd packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-19T23:42:42", "type": "debian", "title": "[SECURITY] [DLA 1580-1] systemd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1049", "CVE-2018-15686", "CVE-2018-15688"], "modified": "2018-11-19T23:42:42", "id": "DEBIAN:DLA-1580-1:96660", "href": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
NetworkManager vulnerability
