https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142

https://security.netapp.com/advisory/ntap-20210625-0005/

GLSA-202107-48

FEDORA-2021-166e461c8d

[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list

[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list

[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2809-1 advisory.

  - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW     packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An     attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)

  - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an     Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that     results in an operating system crash. (CVE-2021-33910)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2809-1 advisory.

  - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW     packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An     attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)

  - basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an     Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that     results in an operating system crash. (CVE-2021-33910)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the systemd package has been released.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5013-1 advisory.

  - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW     packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An     attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)

  - basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value     (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating     system crash. (CVE-2021-33910)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5013-2 advisory.

  - An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW     packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An     attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. (CVE-2020-13529)

  - basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value     (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating     system crash. (CVE-2021-33910)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
152768	openSUSE 15 Security Update : systemd (openSUSE-SU-2021:2809-1)	Nessus	SuSE Local Security Checks	medium
152760	SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2021:2809-1)	Nessus	SuSE Local Security Checks	medium
152085	Photon OS 2.0: Systemd PHSA-2021-2.0-0373	Nessus	PhotonOS Local Security Checks	medium
152054	Photon OS 3.0: Systemd PHSA-2021-3.0-0272	Nessus	PhotonOS Local Security Checks	medium
152051	Photon OS 1.0: Systemd PHSA-2021-1.0-0416	Nessus	PhotonOS Local Security Checks	medium
151836	Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : systemd vulnerabilities (USN-5013-1)	Nessus	Ubuntu Local Security Checks	medium
151835	Ubuntu 16.04 LTS : systemd vulnerabilities (USN-5013-2)	Nessus	Ubuntu Local Security Checks	medium

CVE-2020-13529

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium