The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1854 advisory.

    It was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT     variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment     variable which allows for commands to be checked against polkit policies using the allow_active element     rather than allow_any. (CVE-2019-3842)

    An exploitable denial of service vulnerability exists in systemd which does not fully implement RFC3203,     as it does not support authentication of FORCERENEW packets. A specially crafted DHCP FORCERENEW packet     can cause a system, running the DHCP client, to be vulnerable to a DHCP ACK spoofing attack. An attacker     can forge a pair of FORCERENEW and DCHPACK packets to reconfigure the system with arbitrary network     settings. (CVE-2020-13529)

    A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or     0x followed by hexadecimal digits. When the usernames are used by systemd, for example in service units,     an unexpected user may be used instead. In some particular configurations, this flaw allows local     attackers to elevate their privileges. (CVE-2020-13776)

    A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function     and dns_stream_complete() function in resolved-dns-stream.c not incrementing the reference counting for     theDnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object,     causing the use-after-free when the reference is still used later. (CVE-2022-2526)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : systemd (ALAS-2022-1854)

critical Nessus Plugin ID 165993

Version 1.4

Version 1.3

Version 1.4 Dec 12, 2024, 9:55 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202412120955
Version 1.3 Oct 11, 2022, 2:45 PM Exploit attributes Plugin Feed: 202210111445