 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.843834 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-3816-3) |
| Summary: | The remote host is missing an update for the 'systemd' package(s) announced via the USN-3816-3 advisory. |
| Description: | Summary: The remote host is missing an update for the 'systemd' package(s) announced via the USN-3816-3 advisory. Vulnerability Insight: USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954) Affected Software/OS: 'systemd' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-15686 BugTraq ID: 105747 http://www.securityfocus.com/bid/105747 https://www.exploit-db.com/exploits/45714/ https://security.gentoo.org/glsa/201810-10 https://github.com/systemd/systemd/pull/10519 https://www.oracle.com//security-alerts/cpujul2021.html https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html RedHat Security Advisories: RHSA-2019:2091 https://access.redhat.com/errata/RHSA-2019:2091 RedHat Security Advisories: RHSA-2019:3222 https://access.redhat.com/errata/RHSA-2019:3222 RedHat Security Advisories: RHSA-2020:0593 https://access.redhat.com/errata/RHSA-2020:0593 https://usn.ubuntu.com/3816-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-15687 BugTraq ID: 105748 http://www.securityfocus.com/bid/105748 https://www.exploit-db.com/exploits/45715/ https://github.com/systemd/systemd/pull/10517/commits Common Vulnerability Exposure (CVE) ID: CVE-2018-6954 https://github.com/systemd/systemd/issues/7986 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E SuSE Security Announcement: openSUSE-SU-2019:1450 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html https://usn.ubuntu.com/3816-2/ |
| Copyright | Copyright (C) 2018 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |