Test ID:	1.3.6.1.4.1.25623.1.0.843814
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3816-1)
Summary:	The remote host is missing an update for the 'systemd' package(s) announced via the USN-3816-1 advisory.
Description:	Summary: The remote host is missing an update for the 'systemd' package(s) announced via the USN-3816-1 advisory. Vulnerability Insight: Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954) Affected Software/OS: 'systemd' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 18.10. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-15686 BugTraq ID: 105747 http://www.securityfocus.com/bid/105747 https://www.exploit-db.com/exploits/45714/ https://security.gentoo.org/glsa/201810-10 https://github.com/systemd/systemd/pull/10519 https://www.oracle.com//security-alerts/cpujul2021.html https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html RedHat Security Advisories: RHSA-2019:2091 https://access.redhat.com/errata/RHSA-2019:2091 RedHat Security Advisories: RHSA-2019:3222 https://access.redhat.com/errata/RHSA-2019:3222 RedHat Security Advisories: RHSA-2020:0593 https://access.redhat.com/errata/RHSA-2020:0593 https://usn.ubuntu.com/3816-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-15687 BugTraq ID: 105748 http://www.securityfocus.com/bid/105748 https://www.exploit-db.com/exploits/45715/ https://github.com/systemd/systemd/pull/10517/commits Common Vulnerability Exposure (CVE) ID: CVE-2018-6954 https://github.com/systemd/systemd/issues/7986 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E SuSE Security Announcement: openSUSE-SU-2019:1450 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html https://usn.ubuntu.com/3816-2/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.