CVE-2018-1049

MEDIUM

Description

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

References

http://www.securitytracker.com/id/1041520

https://access.redhat.com/errata/RHSA-2018:0260

https://bugzilla.redhat.com/show_bug.cgi?id=1534701

https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html

https://usn.ubuntu.com/3558-1/

Details

Source: MITRE

Published: 2018-02-16

Updated: 2019-10-09

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Tenable Plugins

View all (17 total)

ID	Name	Product	Family	Severity
131856	EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-2364)	Nessus	Huawei Local Security Checks	critical
127166	NewStart CGSL MAIN 5.04 : systemd Vulnerability (NS-SA-2019-0014)	Nessus	NewStart CGSL Local Security Checks	medium
124915	EulerOS Virtualization for ARM 64 3.0.1.0 : systemd (EulerOS-SA-2019-1412)	Nessus	Huawei Local Security Checks	high
121972	Photon OS 2.0: Systemd PHSA-2018-2.0-0076	Nessus	PhotonOS Local Security Checks	medium
121866	Photon OS 1.0: Systemd PHSA-2018-1.0-0167	Nessus	PhotonOS Local Security Checks	high
119039	Debian DLA-1580-1 : systemd security update	Nessus	Debian Local Security Checks	critical
117552	EulerOS Virtualization 2.5.0 : systemd (EulerOS-SA-2018-1243)	Nessus	Huawei Local Security Checks	medium
111960	Photon OS 2.0: Blktrace / Systemd / Vim PHSA-2018-2.0-0076 (deprecated)	Nessus	PhotonOS Local Security Checks	medium
111946	Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated)	Nessus	PhotonOS Local Security Checks	high
109129	Amazon Linux 2 : systemd (ALAS-2018-961)	Nessus	Amazon Linux Local Security Checks	medium
106620	Ubuntu 14.04 LTS / 16.04 LTS : systemd vulnerabilities (USN-3558-1)	Nessus	Ubuntu Local Security Checks	medium
106571	Oracle Linux 7 : systemd (ELSA-2018-0260)	Nessus	Oracle Linux Local Security Checks	medium
106566	CentOS 7 : systemd (CESA-2018:0260)	Nessus	CentOS Local Security Checks	medium
106554	Scientific Linux Security Update : systemd on SL7.x x86_64 (20180131)	Nessus	Scientific Linux Local Security Checks	medium
106553	RHEL 7 : systemd (RHSA-2018:0260)	Nessus	Red Hat Local Security Checks	medium
106548	openSUSE Security Update : systemd (openSUSE-2018-117)	Nessus	SuSE Local Security Checks	medium
106529	SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:0299-1)	Nessus	SuSE Local Security Checks	medium