CVE-2018-1049

MEDIUM

Description

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

References

http://www.securitytracker.com/id/1041520

https://access.redhat.com/errata/RHSA-2018:0260

https://bugzilla.redhat.com/show_bug.cgi?id=1534701

https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html

https://usn.ubuntu.com/3558-1/

Details

Source: MITRE

Published: 2018-02-16

Updated: 2019-10-09

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
131856EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-2364)NessusHuawei Local Security Checks
critical
127166NewStart CGSL MAIN 5.04 : systemd Vulnerability (NS-SA-2019-0014)NessusNewStart CGSL Local Security Checks
medium
124915EulerOS Virtualization for ARM 64 3.0.1.0 : systemd (EulerOS-SA-2019-1412)NessusHuawei Local Security Checks
high
121972Photon OS 2.0: Systemd PHSA-2018-2.0-0076NessusPhotonOS Local Security Checks
medium
121866Photon OS 1.0: Systemd PHSA-2018-1.0-0167NessusPhotonOS Local Security Checks
high
119039Debian DLA-1580-1 : systemd security updateNessusDebian Local Security Checks
critical
117552EulerOS Virtualization 2.5.0 : systemd (EulerOS-SA-2018-1243)NessusHuawei Local Security Checks
medium
111960Photon OS 2.0: Blktrace / Systemd / Vim PHSA-2018-2.0-0076 (deprecated)NessusPhotonOS Local Security Checks
medium
111946Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated)NessusPhotonOS Local Security Checks
high
109129Amazon Linux 2 : systemd (ALAS-2018-961)NessusAmazon Linux Local Security Checks
medium
106620Ubuntu 14.04 LTS / 16.04 LTS : systemd vulnerabilities (USN-3558-1)NessusUbuntu Local Security Checks
medium
106571Oracle Linux 7 : systemd (ELSA-2018-0260)NessusOracle Linux Local Security Checks
medium
106566CentOS 7 : systemd (CESA-2018:0260)NessusCentOS Local Security Checks
medium
106554Scientific Linux Security Update : systemd on SL7.x x86_64 (20180131)NessusScientific Linux Local Security Checks
medium
106553RHEL 7 : systemd (RHSA-2018:0260)NessusRed Hat Local Security Checks
medium
106548openSUSE Security Update : systemd (openSUSE-2018-117)NessusSuSE Local Security Checks
medium
106529SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:0299-1)NessusSuSE Local Security Checks
medium