QID 354074

Date Published: 2022-10-12

QID 354074: Amazon Linux Security Advisory for systemd : ALAS2-2022-1854

It was discovered that pam_systemd does not properly sanitize the environment before using the xdg_seat variable.
It is possible for an attacker, in some particular configurations, to set a xdg_seat environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". (
( CVE-2019-3842) an exploitable denial of service vulnerability exists in systemd which does not fully implement rfc3203, as it does not support authentication of forcerenew packets.
A specially crafted dhcp forcerenew packet can cause a system, running the dhcp client, to be vulnerable to a dhcp ack spoofing attack.
An attacker can forge a pair of forcerenew and dchpack packets to reconfigure the system with arbitrary network settings. (
( CVE-2020-13529) a flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits.
When the usernames are used by systemd, for example in service units, an unexpected user may be used instead.
In some particular configurations, this flaw allows local attackers to elevate their privileges. (
( CVE-2020-13776) a use-after-free vulnerability was found in systemd.
This issue occurs due to the on_stream_io() function and dns_stream_complete() function in resolved-dns-stream.c not incrementing the reference counting for the dnsstream object.
Therefore, other functions and callbacks called can dereference the dnsstream object, causing the use-after-free when the reference is still used later. (
( CVE-2022-2526)

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as High - 6.2 severity.

Solution

Please refer to Amazon advisory: ALAS2-2022-1854 for affected packages and patching details, or update with your package manager.

Vendor References

ALAS2-2022-1854 - alas.aws.amazon.com/AL2/ALAS-2022-1854.html

CVEs related to QID 354074

CVE-2022-2526 | CVE-2020-13529 | CVE-2020-13776 | CVE-2019-3842 |

Software Advisories

Advisory ID	Software	Component	Link
ALAS2-2022-1854	Amazon Linux 2		alas.aws.amazon.com/AL2/ALAS-2022-1854.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].