105747

RHSA-2019:2091

https://github.com/systemd/systemd/pull/10519

[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update

GLSA-201810-10

USN-3816-1

45714

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has systemd packages installed that are affected by multiple vulnerabilities:

  - A vulnerability in unit_deserialize of systemd allows an     attacker to supply arbitrary state across systemd re-     execution via NotifyAccess. This can be used to     improperly influence systemd execution and possibly lead     to root privilege escalation. Affected releases are     systemd versions up to and including 239.
    (CVE-2018-15686)

  - It was discovered systemd does not correctly check the     content of PIDFile files before using it to kill     processes. When a service is run from an unprivileged     user (e.g. User field set in the service file), a local     attacker who is able to write to the PIDFile of the     mentioned service may use this flaw to trick systemd     into killing other services and/or privileged processes.
    Versions before v237 are vulnerable. (CVE-2018-16888)

  - An out of bounds read was discovered in systemd-journald     in the way it parses log messages that terminate with a     colon ':'. A local attacker can use this flaw to     disclose process memory data. Versions from v221 to v239     are vulnerable. (CVE-2018-16866)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - It has been discovered that systemd-tmpfiles mishandles     symbolic links present in non-terminal path components.
    In some configurations a local user could use this     vulnerability to get access to arbitrary files when the     systemd-tmpfiles command is run.(CVE-2018-6954)

  - An out of bounds read was discovered in     systemd-journald in the way it parses log messages that     terminate with a colon ':'. A local attacker can use     this flaw to disclose process memory     data.(CVE-2018-16866)

  - A vulnerability in unit_deserialize of systemd allows     an attacker to supply arbitrary state across systemd     re-execution via NotifyAccess. This can be used to     improperly influence systemd execution and possibly     lead to root privilege escalation. (CVE-2018-15686)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for systemd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es) :

* systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686)

* systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866)

* systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Security Fix(es) :

  - systemd: line splitting via fgets() allows for state     injection during daemon-reexec (CVE-2018-15686)

  - systemd: out-of-bounds read when parsing a crafted     syslog message (CVE-2018-16866)

  - systemd: kills privileged process if unprivileged     PIDFile was tampered (CVE-2018-16888)

This update for systemd fixes the following issues :

Security issues fixed :

  - CVE-2018-15688: A buffer overflow vulnerability in the     dhcp6 client of systemd allowed a malicious dhcp6 server     to overwrite heap memory in systemd-networkd.
    (bsc#1113632)

  - CVE-2018-15686: A vulnerability in unit_deserialize of     systemd allows an attacker to supply arbitrary state     across systemd re-execution via NotifyAccess. This can     be used to improperly influence systemd execution and     possibly lead to root privilege escalation.
    (bsc#1113665)

Non security issues fixed :

  - dhcp6: split assert_return() to be more debuggable when     hit

  - core: skip unit deserialization and move to the next one     when unit_deserialize() fails

  - core: properly handle deserialization of unknown unit     types (#6476)

  - core: don't create Requires for workdir if 'missing ok'     (bsc#1113083)

  - logind: use manager_get_user_by_pid() where appropriate

  - logind: rework manager_get_{user|session}_by_pid() a bit

  - login: fix user@.service case, so we don't allow nested     sessions (#8051) (bsc#1112024)

  - core: be more defensive if we can't determine     per-connection socket peer (#7329)

  - core: introduce systemd.early_core_pattern= kernel     cmdline option

  - core: add missing 'continue' statement

  - core/mount: fstype may be NULL

  - journald: don't ship systemd-journald-audit.socket     (bsc#1109252)

  - core: make 'tmpfs' dependencies on swapfs a 'default'     dep, not an 'implicit' (bsc#1110445)

  - mount: make sure we unmount tmpfs mounts before we     deactivate swaps (#7076)

  - detect-virt: do not try to read all of /proc/cpuinfo     (bsc#1109197)

  - emergency: make sure console password agents don't     interfere with the emergency shell

  - man: document that 'nofail' also has an effect on     ordering

  - journald: take leading spaces into account in     syslog_parse_identifier

  - journal: do not remove multiple spaces after identifier     in syslog message

  - syslog: fix segfault in syslog_parse_priority()

  - journal: fix syslog_parse_identifier()

  - install: drop left-over debug message (#6913)

  - Ship systemd-sysv-install helper via the main package     This script was part of systemd-sysvinit sub-package but     it was wrong since systemd-sysv-install is a script used     to redirect enable/disable operations to chkconfig when     the unit targets are sysv init scripts. Therefore it's     never been a SySV init tool.

  - Add udev.no-partlabel-links kernel command-line option.
    This option can be used to disable the generation of the     by-partlabel symlinks regardless of the name used.
    (bsc#1089761)

  - man: SystemMaxUse= clarification in journald.conf(5).
    (bsc#1101040)

  - systemctl: load unit if needed in 'systemctl is-active'     (bsc#1102908)

  - core: don't freeze OnCalendar= timer units when the     clock goes back a lot (bsc#1090944)

  - Enable or disable machines.target according to the     presets (bsc#1107941)

  - cryptsetup: add support for sector-size= option     (fate#325697)

  - nspawn: always use permission mode 555 for /sys     (bsc#1107640)

  - Bugfix for a race condition between daemon-reload and     other commands (bsc#1105031)

  - Fixes an issue where login with root credentials was not     possible in init level 5 (bsc#1091677)

  - Fix an issue where services of type 'notify' harmless     DENIED log entries. (bsc#991901)

  - Does no longer adjust qgroups on existing subvolumes     (bsc#1093753)

  - cryptsetup: add support for sector-size= option (#9936)     (fate#325697 bsc#1114135)

This update was imported from the SUSE:SLE-15:Update update project.

An update of the systemd package has been released.

This update for systemd fixes the following issues :

Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323): Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker.

Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability in unit_deserialize of systemd used to allow an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This could have been used to improperly influence systemd execution and possibly lead to root privilege escalation.

Remedy 2048 character line-length limit in systemd-sysctl code that would cause parser failures if /etc/sysctl.conf contained lines that exceeded this length (bsc#1071558).

Fix a bug in systemd's core timer code that would cause timer looping under certain conditions, resulting in hundreds of syslog messages being written to the journal (bsc#1068588).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Fix a local vulnerability from a race condition in     chown-recursive (CVE-2018-15687, #1639076)

  - Fix a local vulnerability from invalid handling of long     lines in state deserialization (CVE-2018-15686,     #1639071)

  - Fix a remote vulnerability in DHCPv6 in systemd-networkd     (CVE-2018-15688, #1639067)

  - The DHCP server is started only when link is UP

  - DHCPv6 prefix delegation is improved

  - Downgrade logging of various messages and add loging in     other places

  - Many many fixes in error handling and minor memory leaks     and such

  - Fix typos and omissions in documentation

  - Typo in %%_environmnentdir rpm macro is fixed (with     backwards compatibility preserved)

  - Matching by MACAddress= in systemd-networkd is fixed

  - Creation of user runtime directories is improved, and     the user manager is only stopped after 10 s after the     user logs out (#1642460 and other bugs)

  - systemd units systemd-timesyncd, systemd-resolved,     systemd-networkd are switched back to use DynamicUser=0

  - Aliases are now resolved when loading modules from pid1.
    This is a (redundant) fix for a brief kernel regression.

  - 'systemctl --wait start' exits immediately if no valid     units are named

  - zram devices are not considered as candidates for     hibernation

  - ECN is not requested for both in- and out-going     connections (the sysctl overide for net.ipv4.tcp_ecn is     removed)

  - Various smaller improvements to unit ordering and     dependencies

  - generators are now called with the manager's environment

  - Handling of invalid (intentionally corrupt) dbus     messages is improved, fixing potential local DOS avenues

  - The target of symlinks links in .wants/ and .requires/     is now ignored. This fixes an issue where the unit file     would sometimes be loaded from such a symlink, leading     to non-deterministic unit contents.

  - Filtering of kernel threads is improved. This fixes an     issues with newer kernels where hybrid kernel/user     threads are used by bpfilter.

  - 'noresume' can be used on the kernel command line to     force normal boot even if a hibernation images is     present

  - Hibernation is not advertised if resume= is not present     on the kernenl command line

  - Hibernation/Suspend/... modes can be disabled using     AllowSuspend=, AllowHibernation=,     AllowSuspendThenHibernate=, AllowHybridSleep=

  - LOGO= and DOCUMENTATION_URL= are documented for the     os-release file

  - The hashmap mempool is now only used internally in     systemd, and is disabled for external users of the     systemd libraries

  - Additional state is serialized/deserialized when logind     is restarted, fixing the handling of user objects

  - Catalog entries for the journal are improved (#1639482)

  - If suspend fails, the post-suspend hooks are still     called.

  - Various build issues on less-common architectures are     fixed

No need to reboot or log out.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Fix a local vulnerability from a race condition in     chown-recursive (CVE-2018-15687, #1643367)

  - Fix a local vulnerability from invalid handling of long     lines in state deserialization (CVE-2018-15686,     #1643372)

  - Fix a remote vulnerability in DHCPv6 in systemd-networkd     (CVE-2018-15688, #1643362)

  - Downgrade logging of various messages and add loging in     other places

  - Many many fixes in error handling and minor memory leaks     and such

  - Fix typos and omissions in documentation

  - Various smaller improvements to unit ordering and     dependencies

  - Handling of invalid (intentionally corrupt) dbus     messages is improved, fixing potential local DOS avenues

  - The target of symlinks links in .wants/ and .requires/     is now ignored. This fixes an issue where the unit file     would sometimes be loaded from such a symlink, leading     to non-deterministic unit contents.

  - Filtering of kernel threads is improved. This fixes an     issues with newer kernels where hybrid kernel/user     threads are used by bpfilter.

  - Catalog entries for the journal are improved (#1639482)

No need to reboot or log out.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for systemd fixes the following issues :

Security issues fixed :

CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)

CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.
(bsc#1113665)

Non security issues fixed: dhcp6: split assert_return() to be more debuggable when hit

core: skip unit deserialization and move to the next one when unit_deserialize() fails

core: properly handle deserialization of unknown unit types (#6476)

core: don't create Requires for workdir if 'missing ok' (bsc#1113083)

logind: use manager_get_user_by_pid() where appropriate

logind: rework manager_get_{user|session}_by_pid() a bit

login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)

core: be more defensive if we can't determine per-connection socket peer (#7329)

core: introduce systemd.early_core_pattern= kernel cmdline option

core: add missing 'continue' statement

core/mount: fstype may be NULL

journald: don't ship systemd-journald-audit.socket (bsc#1109252)

core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)

mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)

detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)

emergency: make sure console password agents don't interfere with the emergency shell

man: document that 'nofail' also has an effect on ordering

journald: take leading spaces into account in syslog_parse_identifier

journal: do not remove multiple spaces after identifier in syslog message

syslog: fix segfault in syslog_parse_priority()

journal: fix syslog_parse_identifier()

install: drop left-over debug message (#6913)

Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts.
Therefore it's never been a SySV init tool.

Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761)

man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)

systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)

core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)

Enable or disable machines.target according to the presets (bsc#1107941)

cryptsetup: add support for sector-size= option (fate#325697)

nspawn: always use permission mode 555 for /sys (bsc#1107640)

Bugfix for a race condition between daemon-reload and other commands (bsc#1105031)

Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677)

Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901)

Does no longer adjust qgroups on existing subvolumes (bsc#1093753)

cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for systemd fixes the following issues :

Security issues fixed :

CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)

CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.
(bsc#1113665)

Non-security issues fixed: dhcp6: split assert_return() to be more debuggable when hit

core: skip unit deserialization and move to the next one when unit_deserialize() fails

core: properly handle deserialization of unknown unit types (#6476)

core: don't create Requires for workdir if 'missing ok' (bsc#1113083)

logind: use manager_get_user_by_pid() where appropriate

logind: rework manager_get_{user|session}_by_pid() a bit

login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)

core: be more defensive if we can't determine per-connection socket peer (#7329)

socket-util: introduce port argument in sockaddr_port()

service: fixup ExecStop for socket-activated shutdown (#4120)

service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923)

cryptsetup: build fixes for 'add support for sector-size= option'

udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278)

core: keep the kernel coredump defaults when systemd-coredump is disabled

core: shorten main() a bit, split out coredump initialization

core: set RLIMIT_CORE to unlimited by default (bsc#1108835)

core/mount: fstype may be NULL

journald: don't ship systemd-journald-audit.socket (bsc#1109252)

core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)

mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)

tmp.mount.hm4: After swap.target (#3087)

Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts.
Therefore it's never been a SySV init tool.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted.

We apologize for the inconvenience.

Original advisory details :

Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686)

Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687)

It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes.

We apologize for the inconvenience.

Original advisory details :

Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686)

Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687)

It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

systemd was found to suffer from multiple security vulnerabilities ranging from denial of service attacks to possible root privilege escalation.

CVE-2018-1049

A race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

CVE-2018-15686

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess.
This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.

CVE-2018-15688

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd, which is not enabled by default in Debian.

For Debian 8 'Jessie', these problems have been fixed in version 215-17+deb8u8.

We recommend that you upgrade your systemd packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for systemd fixes the following issues :

Security issues fixed :

  - CVE-2018-15688: A buffer overflow vulnerability in the     dhcp6 client of systemd allowed a malicious dhcp6 server     to overwrite heap memory in systemd-networkd.
    (bsc#1113632)

  - CVE-2018-15686: A vulnerability in unit_deserialize of     systemd allows an attacker to supply arbitrary state     across systemd re-execution via NotifyAccess. This can     be used to improperly influence systemd execution and     possibly lead to root privilege escalation.
    (bsc#1113665)

Non-security issues fixed :

  - dhcp6: split assert_return() to be more debuggable when     hit

  - core: skip unit deserialization and move to the next one     when unit_deserialize() fails

  - core: properly handle deserialization of unknown unit     types (#6476)

  - core: don't create Requires for workdir if 'missing ok'     (bsc#1113083)

  - logind: use manager_get_user_by_pid() where appropriate

  - logind: rework manager_get_{user|session}_by_pid() a bit

  - login: fix user@.service case, so we don't allow nested     sessions (#8051) (bsc#1112024)

  - core: be more defensive if we can't determine     per-connection socket peer (#7329)

  - socket-util: introduce port argument in sockaddr_port()

  - service: fixup ExecStop for socket-activated shutdown     (#4120)

  - service: Continue shutdown on socket activated unit on     termination (#4108) (bsc#1106923)

  - cryptsetup: build fixes for 'add support for     sector-size= option'

  - udev-rules: IMPORT cmdline does not recognize keys with     similar names (bsc#1111278)

  - core: keep the kernel coredump defaults when     systemd-coredump is disabled

  - core: shorten main() a bit, split out coredump     initialization

  - core: set RLIMIT_CORE to unlimited by default     (bsc#1108835)

  - core/mount: fstype may be NULL

  - journald: don't ship systemd-journald-audit.socket     (bsc#1109252)

  - core: make 'tmpfs' dependencies on swapfs a 'default'     dep, not an 'implicit' (bsc#1110445)

  - mount: make sure we unmount tmpfs mounts before we     deactivate swaps (#7076)

  - tmp.mount.hm4: After swap.target (#3087)

  - Ship systemd-sysv-install helper via the main package     This script was part of systemd-sysvinit sub-package but     it was wrong since systemd-sysv-install is a script used     to redirect enable/disable operations to chkconfig when     the unit targets are sysv init scripts. Therefore it's     never been a SySV init tool.

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686)

Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687)

It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201810-10 (systemd: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in systemd. Please review       the CVE identifiers referenced below for details.
  Impact :

    An attacker could possibly execute arbitrary code, cause a Denial of       Service condition, or gain escalated privileges.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
129929	NewStart CGSL CORE 5.04 / MAIN 5.04 : systemd Multiple Vulnerabilities (NS-SA-2019-0196)	Nessus	NewStart CGSL Local Security Checks	critical
129191	EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1998)	Nessus	Huawei Local Security Checks	critical
128350	CentOS 7 : systemd (CESA-2019:2091)	Nessus	CentOS Local Security Checks	critical
128265	Scientific Linux Security Update : systemd on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	critical
127669	RHEL 7 : systemd (RHSA-2019:2091)	Nessus	Red Hat Local Security Checks	critical
123371	openSUSE Security Update : systemd (openSUSE-2019-909)	Nessus	SuSE Local Security Checks	critical
122020	Photon OS 1.0: Systemd PHSA-2019-1.0-0203	Nessus	PhotonOS Local Security Checks	critical
121061	SUSE SLES12 Security Update : systemd (SUSE-SU-2019:0054-1)	Nessus	SuSE Local Security Checks	critical
121060	SUSE SLES12 Security Update : systemd (SUSE-SU-2019:0053-1)	Nessus	SuSE Local Security Checks	critical
120769	Fedora 29 : systemd (2018-c402eea18b)	Nessus	Fedora Local Security Checks	critical
120295	Fedora 28 : systemd (2018-24bd6c9d4a)	Nessus	Fedora Local Security Checks	critical
120157	SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2018:3644-1)	Nessus	SuSE Local Security Checks	critical
119575	SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2)	Nessus	SuSE Local Security Checks	critical
119253	Ubuntu 16.04 LTS : systemd regression (USN-3816-3)	Nessus	Ubuntu Local Security Checks	critical
119043	Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerability (USN-3816-2)	Nessus	Ubuntu Local Security Checks	critical
119039	Debian DLA-1580-1 : systemd security update	Nessus	Debian Local Security Checks	critical
119028	openSUSE Security Update : systemd (openSUSE-2018-1423)	Nessus	SuSE Local Security Checks	critical
118965	SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-1)	Nessus	SuSE Local Security Checks	critical
118907	Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : systemd vulnerabilities (USN-3816-1)	Nessus	Ubuntu Local Security Checks	critical
118878	openSUSE Security Update : systemd (openSUSE-2018-1382)	Nessus	SuSE Local Security Checks	critical
118510	GLSA-201810-10 : systemd: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical

CVE-2018-15686

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins