SB2021082035 - openEuler update for systemd
Published: August 20, 2021
Security Bulletin ID
SB2021082035
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Predictable from Observable State (CVE-ID: CVE-2020-13529)
The vulnerability allows a remote attacker to reconfigure the target device.
The vulnerability exists due to usage of predictable Transactions Identifiers when processing DHCP ACK packets. A remote attacker on the same network can forge the FORCERENEW and DHCP ACK packets to reconfigure the systemd’s DHCP client settings.
Remediation
Install update from vendor's website.