Amazon Linux 2 : systemd (ALAS-2019-1141)

high Nessus Plugin ID 121050

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

Large syslogd messages sent to journald can cause stack corruption, causing journald to crash. The version of systemd on Amazon Linux 2 is not vulnerable to privilege escalation in this case. (CVE-2018-16864)

Large native messages to journald can cause stack corruption, leading to possible local privilege escalation.(CVE-2018-16865)

Please note, if you have systemd-journald-remote configured over http, then you could be open to remote escalation on previous versions of the systemd package. The systemd-journald-remote service is not installed by default on Amazon Linux 2, and when installed and enabled, the default configuration is to use https. (CVE-2018-16865)

An out-of-bounds read in journald, triggered by a specially crafted message, can be used to leak information through the journal file (CVE-2018-16866)

Solution

Run 'yum update systemd' then reboot your instance, to update your system.

See Also

https://alas.aws.amazon.com/AL2/ALAS-2019-1141.html

Plugin Details

Severity: High

ID: 121050

File Name: al2_ALAS-2019-1141.nasl

Version: 1.4

Type: local

Agent: unix

Published: 1/10/2019

Updated: 5/17/2019

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:libgudev1, p-cpe:/a:amazon:linux:libgudev1-devel, p-cpe:/a:amazon:linux:systemd, p-cpe:/a:amazon:linux:systemd-debuginfo, p-cpe:/a:amazon:linux:systemd-devel, p-cpe:/a:amazon:linux:systemd-journal-gateway, p-cpe:/a:amazon:linux:systemd-libs, p-cpe:/a:amazon:linux:systemd-networkd, p-cpe:/a:amazon:linux:systemd-python, p-cpe:/a:amazon:linux:systemd-resolved, p-cpe:/a:amazon:linux:systemd-sysv, cpe:/o:amazon:linux:2

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/9/2019

Vulnerability Publication Date: 1/11/2019

Reference Information

CVE: CVE-2018-16864, CVE-2018-16865, CVE-2018-16866

ALAS: 2019-1141