Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1505981632.2048745.1516380009804.JavaMail.zimbra@redhat.com>
Date: Fri, 19 Jan 2018 11:40:09 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-1049: systemd: automount: access to automounted volumes
 can lock up

Heololo,

In systemd prior to v234 a race exists between .mount and .automount units such
that automount requests from kernel may not be serviced by systemd resulting in
kernel holding the mountpoint and any processes that try to use said mount will
hang. A race like this may lead to denial of service, until mount points are
unmounted. This race is easily reproducible.

References:

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649

https://github.com/coreos/bugs/issues/1630

https://bugzilla.redhat.com/show_bug.cgi?id=1534701

An upstream issue:

https://github.com/systemd/systemd/pull/5916

An upstream patch:

https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.