ID CVE-2018-1049
Summary In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
References
Vulnerable Configurations
  • freedesktop Systemd 1
    cpe:2.3:a:freedesktop:systemd:1
  • freedesktop Systemd 2
    cpe:2.3:a:freedesktop:systemd:2
  • freedesktop Systemd 3
    cpe:2.3:a:freedesktop:systemd:3
  • freedesktop Systemd 4
    cpe:2.3:a:freedesktop:systemd:4
  • freedesktop Systemd 5
    cpe:2.3:a:freedesktop:systemd:5
  • freedesktop Systemd 6
    cpe:2.3:a:freedesktop:systemd:6
  • freedesktop Systemd 7
    cpe:2.3:a:freedesktop:systemd:7
  • freedesktop Systemd 8
    cpe:2.3:a:freedesktop:systemd:8
  • freedesktop Systemd 9
    cpe:2.3:a:freedesktop:systemd:9
  • freedesktop Systemd 10
    cpe:2.3:a:freedesktop:systemd:10
  • freedesktop Systemd 11
    cpe:2.3:a:freedesktop:systemd:11
  • freedesktop Systemd 12
    cpe:2.3:a:freedesktop:systemd:12
  • freedesktop Systemd 13
    cpe:2.3:a:freedesktop:systemd:13
  • freedesktop Systemd 14
    cpe:2.3:a:freedesktop:systemd:14
  • freedesktop Systemd 15
    cpe:2.3:a:freedesktop:systemd:15
  • freedesktop Systemd 16
    cpe:2.3:a:freedesktop:systemd:16
  • freedesktop Systemd 17
    cpe:2.3:a:freedesktop:systemd:17
  • freedesktop Systemd 18
    cpe:2.3:a:freedesktop:systemd:18
  • freedesktop Systemd 19
    cpe:2.3:a:freedesktop:systemd:19
  • freedesktop Systemd 20
    cpe:2.3:a:freedesktop:systemd:20
  • freedesktop Systemd 21
    cpe:2.3:a:freedesktop:systemd:21
  • freedesktop Systemd 22
    cpe:2.3:a:freedesktop:systemd:22
  • freedesktop Systemd 23
    cpe:2.3:a:freedesktop:systemd:23
  • freedesktop Systemd 24
    cpe:2.3:a:freedesktop:systemd:24
  • freedesktop Systemd 25
    cpe:2.3:a:freedesktop:systemd:25
  • freedesktop Systemd 26
    cpe:2.3:a:freedesktop:systemd:26
  • freedesktop Systemd 27
    cpe:2.3:a:freedesktop:systemd:27
  • freedesktop Systemd 28
    cpe:2.3:a:freedesktop:systemd:28
  • freedesktop Systemd 29
    cpe:2.3:a:freedesktop:systemd:29
  • freedesktop Systemd 30
    cpe:2.3:a:freedesktop:systemd:30
  • freedesktop Systemd 31
    cpe:2.3:a:freedesktop:systemd:31
  • freedesktop Systemd 32
    cpe:2.3:a:freedesktop:systemd:32
  • freedesktop Systemd 33
    cpe:2.3:a:freedesktop:systemd:33
  • freedesktop Systemd 34
    cpe:2.3:a:freedesktop:systemd:34
  • freedesktop Systemd 35
    cpe:2.3:a:freedesktop:systemd:35
  • freedesktop Systemd 36
    cpe:2.3:a:freedesktop:systemd:36
  • freedesktop Systemd 37
    cpe:2.3:a:freedesktop:systemd:37
  • freedesktop Systemd 38
    cpe:2.3:a:freedesktop:systemd:38
  • freedesktop Systemd 39
    cpe:2.3:a:freedesktop:systemd:39
  • freedesktop Systemd 40
    cpe:2.3:a:freedesktop:systemd:40
  • freedesktop Systemd 41
    cpe:2.3:a:freedesktop:systemd:41
  • freedesktop Systemd 42
    cpe:2.3:a:freedesktop:systemd:42
  • freedesktop Systemd 43
    cpe:2.3:a:freedesktop:systemd:43
  • freedesktop Systemd 44
    cpe:2.3:a:freedesktop:systemd:44
  • freedesktop Systemd 174
    cpe:2.3:a:freedesktop:systemd:174
  • freedesktop Systemd 175
    cpe:2.3:a:freedesktop:systemd:175
  • freedesktop Systemd 176
    cpe:2.3:a:freedesktop:systemd:176
  • freedesktop Systemd 177
    cpe:2.3:a:freedesktop:systemd:177
  • freedesktop Systemd 178
    cpe:2.3:a:freedesktop:systemd:178
  • freedesktop Systemd 179
    cpe:2.3:a:freedesktop:systemd:179
  • freedesktop Systemd 180
    cpe:2.3:a:freedesktop:systemd:180
  • freedesktop Systemd 181
    cpe:2.3:a:freedesktop:systemd:181
  • freedesktop Systemd 182
    cpe:2.3:a:freedesktop:systemd:182
  • freedesktop Systemd 183
    cpe:2.3:a:freedesktop:systemd:183
  • freedesktop Systemd 184
    cpe:2.3:a:freedesktop:systemd:184
  • freedesktop Systemd 185
    cpe:2.3:a:freedesktop:systemd:185
  • freedesktop Systemd 186
    cpe:2.3:a:freedesktop:systemd:186
  • freedesktop Systemd 187
    cpe:2.3:a:freedesktop:systemd:187
  • freedesktop Systemd 188
    cpe:2.3:a:freedesktop:systemd:188
  • freedesktop Systemd 189
    cpe:2.3:a:freedesktop:systemd:189
  • freedesktop Systemd 190
    cpe:2.3:a:freedesktop:systemd:190
  • freedesktop Systemd 191
    cpe:2.3:a:freedesktop:systemd:191
  • freedesktop Systemd 192
    cpe:2.3:a:freedesktop:systemd:192
  • freedesktop Systemd 193
    cpe:2.3:a:freedesktop:systemd:193
  • freedesktop Systemd 194
    cpe:2.3:a:freedesktop:systemd:194
  • freedesktop Systemd 195
    cpe:2.3:a:freedesktop:systemd:195
  • freedesktop Systemd 196
    cpe:2.3:a:freedesktop:systemd:196
  • freedesktop Systemd 197
    cpe:2.3:a:freedesktop:systemd:197
  • freedesktop Systemd 198
    cpe:2.3:a:freedesktop:systemd:198
  • freedesktop Systemd 199
    cpe:2.3:a:freedesktop:systemd:199
  • freedesktop Systemd 200
    cpe:2.3:a:freedesktop:systemd:200
  • freedesktop Systemd 201
    cpe:2.3:a:freedesktop:systemd:201
  • freedesktop Systemd 202
    cpe:2.3:a:freedesktop:systemd:202
  • freedesktop Systemd 203
    cpe:2.3:a:freedesktop:systemd:203
  • freedesktop Systemd 204
    cpe:2.3:a:freedesktop:systemd:204
  • freedesktop Systemd 205
    cpe:2.3:a:freedesktop:systemd:205
  • freedesktop Systemd 206
    cpe:2.3:a:freedesktop:systemd:206
  • freedesktop Systemd 207
    cpe:2.3:a:freedesktop:systemd:207
  • freedesktop Systemd 208
    cpe:2.3:a:freedesktop:systemd:208
  • freedesktop Systemd 209
    cpe:2.3:a:freedesktop:systemd:209
  • freedesktop Systemd 210
    cpe:2.3:a:freedesktop:systemd:210
  • freedesktop Systemd 211
    cpe:2.3:a:freedesktop:systemd:211
  • freedesktop Systemd 212
    cpe:2.3:a:freedesktop:systemd:212
  • freedesktop Systemd 213
    cpe:2.3:a:freedesktop:systemd:213
  • freedesktop Systemd 214
    cpe:2.3:a:freedesktop:systemd:214
  • freedesktop Systemd 215
    cpe:2.3:a:freedesktop:systemd:215
  • freedesktop Systemd 216
    cpe:2.3:a:freedesktop:systemd:216
  • freedesktop Systemd 217
    cpe:2.3:a:freedesktop:systemd:217
  • freedesktop Systemd 218
    cpe:2.3:a:freedesktop:systemd:218
  • freedesktop Systemd 219
    cpe:2.3:a:freedesktop:systemd:219
  • freedesktop Systemd 220
    cpe:2.3:a:freedesktop:systemd:220
  • freedesktop Systemd 221
    cpe:2.3:a:freedesktop:systemd:221
  • freedesktop Systemd 222
    cpe:2.3:a:freedesktop:systemd:222
  • freedesktop Systemd 223
    cpe:2.3:a:freedesktop:systemd:223
  • freedesktop Systemd 224
    cpe:2.3:a:freedesktop:systemd:224
  • freedesktop Systemd 225
    cpe:2.3:a:freedesktop:systemd:225
  • freedesktop Systemd 226
    cpe:2.3:a:freedesktop:systemd:226
  • freedesktop Systemd 227
    cpe:2.3:a:freedesktop:systemd:227
  • freedesktop Systemd 228
    cpe:2.3:a:freedesktop:systemd:228
  • freedesktop Systemd 229
    cpe:2.3:a:freedesktop:systemd:229
  • freedesktop Systemd 230
    cpe:2.3:a:freedesktop:systemd:230
  • freedesktop Systemd 231
    cpe:2.3:a:freedesktop:systemd:231
  • freedesktop Systemd 232
    cpe:2.3:a:freedesktop:systemd:232
  • Freedesktop systemd 233
    cpe:2.3:a:freedesktop:systemd:233
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Red Hat Enterprise Linux Advanced mission critical Update Support (AUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_aus:7.4
  • Red Hat Enterprise Linux Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_aus:7.6
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server TUS 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180131_SYSTEMD_ON_SL7_X.NASL
    description Security Fix(es) : - A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 106554
    published 2018-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106554
    title Scientific Linux Security Update : systemd on SL7.x x86_64
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0076.NASL
    description An update of 'vim', 'blktrace', 'systemd' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111960
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111960
    title Photon OS 2.0: Blktrace / Systemd / Vim PHSA-2018-2.0-0076 (deprecated)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-0260.NASL
    description An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 106566
    published 2018-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106566
    title CentOS 7 : systemd (CESA-2018:0260)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-117.NASL
    description This update for systemd fixes several issues. This security issue was fixed : - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). These non-security issues were fixed : - core: don't choke if a unit another unit triggers vanishes during reload - delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX - delta: extend skip logic to work on full directory paths (prefix+suffix) (bsc#1070428) - delta: check if a prefix needs to be skipped only once - delta: skip symlink paths when split-usr is enabled (#4591) - sysctl: use raw file descriptor in sysctl_write (#7753) - sd-netlink: don't take possesion of netlink fd from caller on failure (bsc#1074254) - Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It was missing the following case: '/dev/disk/by-id/cr_-xxx'. - sysctl: disable buffer while writing to /proc (bsc#1071558) - Use read_line() and LONG_LINE_MAX to read values configuration files. (bsc#1071558) - sysctl: no need to check for eof twice - def: add new constant LONG_LINE_MAX - fileio: add new helper call read_line() as bounded getline() replacement - service: Don't stop unneeded units needed by restarted service (#7526) (bsc#1066156) - gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280) - gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab (bsc#897422) - fstab-util: introduce fstab_has_fstype() helper - fstab-generator: ignore root=/dev/nfs (#3591) - fstab-generator: don't process root= if it happens to be 'gpt-auto' (#3452) - virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662) (#7581) (bsc#1048510) - analyze: replace --no-man with --man=no in the man page (bsc#1068251) - udev: net_setup_link: don't error out when we couldn't apply link config (#7328) - Add missing /etc/systemd/network directory - Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510) - sd-bus: use -- when passing arguments to ssh (#6706) - systemctl: make sure we terminate the bus connection first, and then close the pager (#3550) - sd-bus: bump message queue size (bsc#1075724) - tmpfiles: downgrade warning about duplicate line This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 106548
    published 2018-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106548
    title openSUSE Security Update : systemd (openSUSE-2018-117)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3558-1.NASL
    description Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-15908) It was discovered that systemd incorrectly handled automounted volumes. A local attacker could possibly use this issue to cause applications to hang, resulting in a denial of service. (CVE-2018-1049). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106620
    published 2018-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106620
    title Ubuntu 14.04 LTS / 16.04 LTS : systemd vulnerabilities (USN-3558-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1243.NASL
    description According to the version of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.(CVE-2018-1049) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117552
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117552
    title EulerOS Virtualization 2.5.0 : systemd (EulerOS-SA-2018-1243)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0167.NASL
    description An update of 'vim', 'ntp', 'openjdk', 'libmspack', 'blktrace', 'systemd', 'perl' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111946
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111946
    title Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0260.NASL
    description An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 106553
    published 2018-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106553
    title RHEL 7 : systemd (RHSA-2018:0260)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-0260.NASL
    description From Red Hat Security Advisory 2018:0260 : An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es) : * A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049)
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 106571
    published 2018-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106571
    title Oracle Linux 7 : systemd (ELSA-2018-0260)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0076_SYSTEMD.NASL
    description An update of the systemd package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121972
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121972
    title Photon OS 2.0: Systemd PHSA-2018-2.0-0076
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-961.NASL
    description Access to automounted volumes can lock up A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.(CVE-2018-1049)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 109129
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109129
    title Amazon Linux 2 : systemd (ALAS-2018-961)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0299-1.NASL
    description This update for systemd fixes several issues. This security issue was fixed : - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106529
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106529
    title SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:0299-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1580.NASL
    description systemd was found to suffer from multiple security vulnerabilities ranging from denial of service attacks to possible root privilege escalation. CVE-2018-1049 A race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. CVE-2018-15686 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. CVE-2018-15688 A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd, which is not enabled by default in Debian. For Debian 8 'Jessie', these problems have been fixed in version 215-17+deb8u8. We recommend that you upgrade your systemd packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-11
    plugin id 119039
    published 2018-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119039
    title Debian DLA-1580-1 : systemd security update
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0167_SYSTEMD.NASL
    description An update of the systemd package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121866
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121866
    title Photon OS 1.0: Systemd PHSA-2018-1.0-0167
redhat via4
advisories
bugzilla
id 1534701
title CVE-2018-1049 systemd: automount: access to automounted volumes can lock up
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment libgudev1 is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260023
      • comment libgudev1 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092016
    • AND
      • comment libgudev1-devel is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260007
      • comment libgudev1-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092008
    • AND
      • comment systemd is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260009
      • comment systemd is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092020
    • AND
      • comment systemd-devel is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260017
      • comment systemd-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092018
    • AND
      • comment systemd-journal-gateway is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260019
      • comment systemd-journal-gateway is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092024
    • AND
      • comment systemd-libs is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260021
      • comment systemd-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092012
    • AND
      • comment systemd-networkd is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260013
      • comment systemd-networkd is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092006
    • AND
      • comment systemd-python is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260005
      • comment systemd-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092014
    • AND
      • comment systemd-resolved is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260015
      • comment systemd-resolved is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092022
    • AND
      • comment systemd-sysv is earlier than 0:219-42.el7_4.7
        oval oval:com.redhat.rhsa:tst:20180260011
      • comment systemd-sysv is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152092010
rhsa
id RHSA-2018:0260
released 2018-01-31
severity Moderate
title RHSA-2018:0260: systemd security update (Moderate)
rpms
  • libgudev1-0:219-42.el7_4.7
  • libgudev1-devel-0:219-42.el7_4.7
  • systemd-0:219-42.el7_4.7
  • systemd-devel-0:219-42.el7_4.7
  • systemd-journal-gateway-0:219-42.el7_4.7
  • systemd-libs-0:219-42.el7_4.7
  • systemd-networkd-0:219-42.el7_4.7
  • systemd-python-0:219-42.el7_4.7
  • systemd-resolved-0:219-42.el7_4.7
  • systemd-sysv-0:219-42.el7_4.7
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1534701
mlist [debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update
sectrack 1041520
ubuntu USN-3558-1
Last major update 16-02-2018 - 16:29
Published 16-02-2018 - 16:29
Last modified 26-04-2019 - 09:07
Back to Top