Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2019-1364-2.NASL
HistoryJul 16, 2019 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-2)

2019-07-1600:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

59.9%

JSON

This update for systemd fixes the following issues :

Security issues fixed :

CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).

CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).

CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).

Non-security issued fixed: logind: fix killing of scopes (bsc#1125604)

namespace: make MountFlags=shared work again (bsc#1124122)

rules: load drivers only on ‘add’ events (bsc#1126056)

sysctl: Don’t pass null directive argument to ‘%s’ (bsc#1121563)

systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)

udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)

sd-bus: bump message queue size again (bsc#1132721)

Do not automatically online memory on s390x (bsc#1127557)

Removed sg.conf (bsc#1036463)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1364-2.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(126736);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/13");

  script_cve_id("CVE-2019-3842", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-6454");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-2)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for systemd fixes the following issues :

Security issues fixed :

CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could
be exploited by a local user (bsc#1132348).

CVE-2019-6454: Fixed a denial of service via crafted D-Bus message
(bsc#1125352).

CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where
services with DynamicUser could gain new privileges or create
SUID/SGID binaries (bsc#1133506, bsc#1133509).

Non-security issued fixed: logind: fix killing of scopes (bsc#1125604)

namespace: make MountFlags=shared work again (bsc#1124122)

rules: load drivers only on 'add' events (bsc#1126056)

sysctl: Don't pass null directive argument to '%s' (bsc#1121563)

systemd-coredump: generate a stack trace of all core dumps and log
into the journal (jsc#SLE-5933)

udevd: notify when max number value of children is reached only once
per batch of events (bsc#1132400)

sd-bus: bump message queue size again (bsc#1132721)

Do not automatically online memory on s390x (bsc#1127557)

Removed sg.conf (bsc#1036463)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1036463"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121563"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1124122"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1125352"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1125604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126056"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1127557"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130230"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132348"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132400"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132721"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133506"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133509"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3842/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3843/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3844/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-6454/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20191364-2/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?592f8ecd"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1364=1

SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-SP1-2019-1364=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3844");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsystemd0-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-mini1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev-mini1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libudev1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-myhostname");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-myhostname-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-myhostname-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-myhostname-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-mymachines");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-mymachines-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-mymachines-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-mymachines-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nss-systemd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-container-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-coredump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-coredump-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-logger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-container-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-container-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-coredump-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-mini-sysvinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:systemd-sysvinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:udev-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libsystemd0-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libsystemd0-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libudev-devel-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libudev1-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libudev1-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"nss-myhostname-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"nss-myhostname-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"nss-mymachines-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"nss-mymachines-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"systemd-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"systemd-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libsystemd0-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libsystemd0-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libsystemd0-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libsystemd0-mini-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libudev-devel-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libudev-mini-devel-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libudev-mini1-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libudev-mini1-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libudev1-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libudev1-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"nss-myhostname-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"nss-myhostname-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"nss-mymachines-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"nss-mymachines-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"nss-systemd-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"nss-systemd-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-container-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-container-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-coredump-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-coredump-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-debugsource-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-devel-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-logger-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-mini-container-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-mini-container-mini-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-mini-coredump-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-mini-coredump-mini-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-mini-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-mini-debugsource-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-mini-devel-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-mini-sysvinit-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"systemd-sysvinit-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"udev-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"udev-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"udev-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"udev-mini-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libsystemd0-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libsystemd0-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libudev-devel-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libudev1-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libudev1-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"nss-myhostname-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"nss-myhostname-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"nss-mymachines-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"nss-mymachines-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"systemd-32bit-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"systemd-32bit-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libsystemd0-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libsystemd0-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libsystemd0-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libsystemd0-mini-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libudev-devel-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libudev-mini-devel-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libudev-mini1-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libudev-mini1-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libudev1-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libudev1-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"nss-myhostname-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"nss-myhostname-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"nss-mymachines-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"nss-mymachines-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"nss-systemd-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"nss-systemd-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-container-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-container-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-coredump-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-coredump-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-debugsource-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-devel-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-logger-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-mini-container-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-mini-container-mini-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-mini-coredump-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-mini-coredump-mini-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-mini-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-mini-debugsource-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-mini-devel-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-mini-sysvinit-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"systemd-sysvinit-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"udev-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"udev-debuginfo-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"udev-mini-234-24.30.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"udev-mini-debuginfo-234-24.30.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "systemd");
}
VendorProductVersionCPE
novellsuse_linuxlibsystemd0p-cpe:/a:novell:suse_linux:libsystemd0
novellsuse_linuxlibsystemd0-32bitp-cpe:/a:novell:suse_linux:libsystemd0-32bit
novellsuse_linuxlibsystemd0-32bit-debuginfop-cpe:/a:novell:suse_linux:libsystemd0-32bit-debuginfo
novellsuse_linuxlibsystemd0-debuginfop-cpe:/a:novell:suse_linux:libsystemd0-debuginfo
novellsuse_linuxlibsystemd0-minip-cpe:/a:novell:suse_linux:libsystemd0-mini
novellsuse_linuxlibsystemd0-mini-debuginfop-cpe:/a:novell:suse_linux:libsystemd0-mini-debuginfo
novellsuse_linuxlibudev-develp-cpe:/a:novell:suse_linux:libudev-devel
novellsuse_linuxlibudev-devel-32bitp-cpe:/a:novell:suse_linux:libudev-devel-32bit
novellsuse_linuxlibudev-mini-develp-cpe:/a:novell:suse_linux:libudev-mini-devel
novellsuse_linuxlibudev-mini1p-cpe:/a:novell:suse_linux:libudev-mini1
Rows per page:
1-10 of 511

References

Related

openvas 32
nessus 61
redhat 11
suse 3
oraclelinux 4
osv 8
veracode 4
debiancve 4
cloudfoundry 2
zdt 2
debian 6
cvelist 4
packetstorm 2
cve 4
redhatcve 4
ibm 4
altlinux 2
cbl_mariner 4
centos 1
amazon 2
ubuntucve 4
ubuntu 3
nvd 4
fedora 6
prion 4
archlinux 1
almalinux 1
rocky 1
photon 8
f5 1
rosalinux 1
gentoo 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1364-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1364-2)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1661)
2020-01-23 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-1)
2019-05-29 00:00:00
EulerOS 2.0 SP8 : systemd (EulerOS-SA-2019-1661)
2019-06-27 00:00:00
Photon OS 3.0: Systemd PHSA-2019-3.0-0024
2019-08-26 00:00:00
redhat
redhat
(RHSA-2020:1794) Moderate: systemd security, bug fix, and enhancement update
2020-04-28 09:17:15
(RHSA-2019:0461) Moderate: rhvm-appliance security update
2019-02-21 13:23:25
(RHSA-2019:1502) Important: systemd security and bug fix update
2019-06-18 15:21:40
suse
suse
Security update for systemd (important)
2019-05-28 00:00:00
Security update for systemd (important)
2019-03-01 00:00:00
Security update for systemd (important)
2019-02-27 00:00:00
oraclelinux
oraclelinux
systemd security, bug fix, and enhancement update
2020-05-05 00:00:00
systemd security update
2019-02-19 00:00:00
systemd security and bug fix update
2019-07-30 00:00:00
osv
osv
CVE-2019-3842
2019-04-09 21:29:03
systemd - security update
2019-02-19 00:00:00
systemd - security update
2019-04-08 00:00:00
veracode
veracode
Privilege Escalation
2021-05-20 15:25:40
Privilege Escalation
2020-04-29 02:45:36
Denial Of Service (DoS)
2019-02-19 04:42:28
debiancve
debiancve
CVE-2019-3842
2019-04-09 21:29:03
CVE-2019-6454
2019-03-21 16:01:08
CVE-2019-3843
2019-04-26 21:29:00
cloudfoundry
cloudfoundry
USN-4269-1: systemd vulnerabilities | Cloud Foundry
2020-02-20 00:00:00
USN-3891-1: systemd vulnerability | Cloud Foundry
2019-03-21 00:00:00
zdt
zdt
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit Exploit
2019-04-23 00:00:00
systemd DynamicUser SetUID Binary Creation Exploit
2019-04-26 00:00:00
debian
debian
[SECURITY] [DSA 4428-1] systemd security update
2019-04-08 20:45:43
[SECURITY] [DSA 4428-1] systemd security update
2019-04-08 20:45:43
[SECURITY] [DSA 4393-1] systemd security update
2019-02-18 17:03:13
cvelist
cvelist
CVE-2019-3842
2019-04-09 20:25:01
CVE-2019-6454
2019-03-17 16:38:57
CVE-2019-3843
2019-04-26 20:27:30
packetstorm
packetstorm
systemd Seat Verification Active Session Spoofing
2019-04-23 00:00:00
systemd DynamicUser SetUID Binary Creation
2019-04-25 00:00:00
cve
cve
CVE-2019-3842
2019-04-09 21:29:03
CVE-2019-6454
2019-03-21 16:01:08
CVE-2019-3843
2019-04-26 21:29:00
redhatcve
redhatcve
CVE-2019-3843
2019-04-26 08:50:30
CVE-2019-6454
2020-02-28 19:43:24
CVE-2019-3842
2019-04-09 14:19:57
ibm
ibm
Security Bulletin: Vulnerability in systemd affects Power Hardware Management Console (CVE-2019-6454)
2021-09-22 23:52:13
Security Bulletin: Vulnerability in systemd affects Power Hardware Management Console (CVE-2019-6454)
2021-09-22 23:05:38
Security Bulletin: IBM MQ Advanced CloudPaks are vulnerable to a denial of service attack within the Systemd package (CVE-2019-6454)
2019-02-26 12:30:01
altlinux
altlinux
Security fix for the ALT Linux 9 package systemd version 1:241-alt2
2019-02-19 00:00:00
Security fix for the ALT Linux 9 package systemd version 1:242-alt1
2019-04-13 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-6454 affecting package systemd 239-44
2020-11-30 19:30:44
CVE-2019-3842 affecting package systemd 239-44
2020-11-30 19:30:44
CVE-2019-3843 affecting package systemd 239-44
2020-11-30 19:30:44
centos
centos
libgudev1, systemd security update
2019-02-20 20:15:20
amazon
amazon
Important: systemd
2019-02-16 00:44:00
Important: systemd
2022-09-30 07:04:00
ubuntucve
ubuntucve
CVE-2019-6454
2019-02-19 00:00:00
CVE-2019-3842
2019-04-08 00:00:00
CVE-2019-3843
2019-04-26 00:00:00
ubuntu
ubuntu
systemd vulnerabilities
2020-02-05 00:00:00
systemd vulnerability
2019-04-08 00:00:00
systemd vulnerability
2019-02-18 00:00:00
nvd
nvd
CVE-2019-3842
2019-04-09 21:29:03
CVE-2019-3844
2019-04-26 21:29:00
CVE-2019-6454
2019-03-21 16:01:08
fedora
fedora
[SECURITY] Fedora 30 Update: systemd-241-5.git3d835d0.fc30
2019-04-11 02:14:49
[SECURITY] Fedora 30 Update: systemd-241-8.git9ef65cb.fc30
2019-04-29 01:43:38
[SECURITY] Fedora 30 Update: systemd-241-12.git1e19bcd.fc30
2019-09-05 11:48:28
prion
prion
Command injection
2019-04-09 21:29:00
Code injection
2019-04-26 21:29:00
Stack overflow
2019-03-21 16:01:00
archlinux
archlinux
[ASA-201902-24] systemd: denial of service
2019-02-21 00:00:00
almalinux
almalinux
Moderate: systemd security, bug fix, and enhancement update
2021-05-18 05:39:12
rocky
rocky
systemd security, bug fix, and enhancement update
2021-05-18 05:39:12
photon
photon
Critical Photon OS Security Update - PHSA-2019-0012
2019-04-25 00:00:00
Critical Photon OS Security Update - PHSA-2019-0024
2019-07-31 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0153
2019-04-25 00:00:00
f5
f5
K25225860 : Linux kernel vulnerabilities CVE-2019-6454, CVE-2020-12888, and CVE-2020-36385
2022-09-05 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1982
2021-07-02 18:13:58
gentoo
gentoo
systemd: Multiple vulnerabilities
2019-03-10 00:00:00

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

59.9%

JSON
Related for SUSE_SU-2019-1364-2.NASL
openvas32nessus61redhat11suse3oraclelinux4osv8veracode4debiancve4cloudfoundry2zdt2debian6cvelist4packetstorm2cve4redhatcve4ibm4altlinux2cbl_mariner4centos1amazon2ubuntucve4ubuntu3nvd4fedora6prion4archlinux1almalinux1rocky1photon8f51rosalinux1gentoo1