The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1647 advisory.

  - A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd     re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly     lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
    (CVE-2018-15686)

  - An allocation of memory without limits, that could result in the stack clashing with another memory     region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A     local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through     v240 are vulnerable. (CVE-2018-16864)

  - An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate     with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221     to v239 are vulnerable. (CVE-2018-16866)

  - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the     udevadm trigger command, a memory leak may occur. (CVE-2019-20386)

  - A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux.
    Function dispatch_message_real() in journald-server.c does not free the memory allocated by     set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-     journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
    (CVE-2019-3815)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : systemd (ALAS-2021-1647)

high Nessus Plugin ID 150993

Version 1.5