Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2018-1049

Published: 16/02/2018 Updated: 31/01/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Systemd Project

Vulnerability Summary

In systemd before 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

systemd project systemd

redhat enterprise linux 7.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server eus 7.6

redhat enterprise linux server tus 7.6

redhat enterprise linux aus 7.6

redhat enterprise linux server aus 7.4

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server 7.0

redhat enterprise linux aus 7.4

redhat enterprise linux server tus 7.4

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

debian debian linux 8.0

Vendor Advisories

Red Hat: Moderate: systemd security update
Synopsis Moderate: systemd security update Type/Severity Security Advisory: Moderate Topic An update for systemd is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...
Ubuntu Security Notice: systemd vulnerabilities
Several security issues were fixed in systemd ...
Debian CVElist Bug Report Logs: systemd: CVE-2018-15686: reexec state injection: fgets() on overlong lines leads to line splitting
Debian Bug report logs - #912005 systemd: CVE-2018-15686: reexec state injection: fgets() on overlong lines leads to line splitting Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Dat ...
Amazon Linux 2: ALAS2-2018-961
Access to automounted volumes can lock upA race condition was found in systemd This could result in automount requests not being serviced and processes using them could hang, causing denial of service(CVE-2018-1049) ...
Red Hat: CVE-2018-1049
A race condition was found in systemd This could result in automount requests not being serviced and processes using them could hang, causing denial of service ...

References

CWE-362https://bugzilla.redhat.com/show_bug.cgi?id=1534701https://access.redhat.com/errata/RHSA-2018:0260https://usn.ubuntu.com/3558-1/http://www.securitytracker.com/id/1041520https://lists.debian.org/debian-lts-announce/2018/11/msg00017.htmlhttps://access.redhat.com/errata/RHSA-2018:0260https://usn.ubuntu.com/3558-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook