Race condition in systemd - CVE-2018-1049
Published: February 5, 2018
Vulnerability identifier: #VU10365
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1049
CWE-ID: CWE-362
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Freedesktop.org
Affected software:
systemd
systemd
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause DoS condition no the target system.
The weakness exists in GNU systemd due to an error when handling malicious input. An adjacent attacker can submit a specially crafted automount request, trigger race condition and cause the service to crash.
The weakness exists in GNU systemd due to an error when handling malicious input. An adjacent attacker can submit a specially crafted automount request, trigger race condition and cause the service to crash.
How to mitigate CVE-2018-1049
Install update from vendor's website.