Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1217)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.2.2019.1217

Kategorie: Huawei EulerOS Local Security Checks

Titel: Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1217)

Zusammenfassung: The remote host is missing an update for the Huawei EulerOS 'systemd' package(s) announced via the EulerOS-SA-2019-1217 advisory.

Beschreibung: Summary:
The remote host is missing an update for the Huawei EulerOS 'systemd' package(s) announced via the EulerOS-SA-2019-1217 advisory.

Vulnerability Insight:
A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd.(CVE-2016-7795)

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.(CVE-2017-18078)

Affected Software/OS:
'systemd' package(s) on Huawei EulerOS Virtualization 2.5.4.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-7795
BugTraq ID: 93223
http://www.securityfocus.com/bid/93223
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
http://www.openwall.com/lists/oss-security/2016/09/28/9
http://www.openwall.com/lists/oss-security/2016/09/30/1
RedHat Security Advisories: RHSA-2016:2610
http://rhn.redhat.com/errata/RHSA-2016-2610.html
RedHat Security Advisories: RHSA-2016:2694
http://rhn.redhat.com/errata/RHSA-2016-2694.html
http://www.securitytracker.com/id/1037320
http://www.ubuntu.com/usn/USN-3094-1

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2019.1217
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2019-1217)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'systemd' package(s) announced via the EulerOS-SA-2019-1217 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'systemd' package(s) announced via the EulerOS-SA-2019-1217 advisory. Vulnerability Insight: A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd.(CVE-2016-7795) systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.(CVE-2017-18078) Affected Software/OS: 'systemd' package(s) on Huawei EulerOS Virtualization 2.5.4. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7795 BugTraq ID: 93223 http://www.securityfocus.com/bid/93223 https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet http://www.openwall.com/lists/oss-security/2016/09/28/9 http://www.openwall.com/lists/oss-security/2016/09/30/1 RedHat Security Advisories: RHSA-2016:2610 http://rhn.redhat.com/errata/RHSA-2016-2610.html RedHat Security Advisories: RHSA-2016:2694 http://rhn.redhat.com/errata/RHSA-2016-2694.html http://www.securitytracker.com/id/1037320 http://www.ubuntu.com/usn/USN-3094-1
Copyright	Copyright (C) 2020 Greenbone Networks GmbH