Detections
Analytics

EulerOS 2.0 SP13 : systemd (EulerOS-SA-2025-2151)

medium Nessus Plugin ID 264849

Synopsis

The remote EulerOS host is missing a security update.

Description

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd- coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.(CVE-2025-4598)

Tenable has extracted the preceding description block directly from the EulerOS systemd security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected systemd packages.

See Also

http://www.nessus.org/u?106f1776

Plugin Details

Severity: Medium

ID: 264849

File Name: EulerOS_SA-2025-2151.nasl

Version: 1.1

Type: local

Published: 9/16/2025

Updated: 9/16/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Low

Base Score: 3.2

Temporal Score: 2.5

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:P

CVSS Score Source: CVE-2025-4598

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.2

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:systemd-pam, p-cpe:/a:huawei:euleros:systemd-udev-compat, p-cpe:/a:huawei:euleros:systemd-container, p-cpe:/a:huawei:euleros:systemd, p-cpe:/a:huawei:euleros:systemd-networkd, p-cpe:/a:huawei:euleros:systemd-libs, p-cpe:/a:huawei:euleros:systemd-timesyncd, p-cpe:/a:huawei:euleros:systemd-resolved, p-cpe:/a:huawei:euleros:systemd-udev, p-cpe:/a:huawei:euleros:systemd-nspawn, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/15/2025

Vulnerability Publication Date: 5/29/2025

Reference Information

CVE: CVE-2025-4598