Amazon Linux 2 : systemd (ALAS-2021-1647)

high Nessus Plugin ID 150993
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1647 advisory.

- A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
(CVE-2018-15686)

- An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. (CVE-2018-16864)

- An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. (CVE-2018-16866)

- An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. (CVE-2019-20386)

- A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd- journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
(CVE-2019-3815)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update systemd' to update your system.

See Also

https://access.redhat.com/security/cve/CVE-2018-15686

https://access.redhat.com/security/cve/CVE-2018-16866

https://access.redhat.com/security/cve/CVE-2019-20386

https://access.redhat.com/security/cve/CVE-2019-3815

https://alas.aws.amazon.com/AL2/ALAS-2021-1647.html

Plugin Details

Severity: High

ID: 150993

File Name: al2_ALAS-2021-1647.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/24/2021

Updated: 7/30/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2018-15686

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:amazon:linux:2:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:libgudev1:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:libgudev1-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:systemd:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:systemd-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:systemd-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:systemd-journal-gateway:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:systemd-libs:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:systemd-networkd:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:systemd-python:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:systemd-resolved:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:systemd-sysv:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/16/2021

Vulnerability Publication Date: 10/26/2018

Reference Information

CVE: CVE-2018-15686, CVE-2018-16864, CVE-2018-16866, CVE-2019-3815, CVE-2019-20386

ALAS: 2021-1647