CVE-2018-1049

MEDIUM

systemd < 234 - Denial of Service via Mount and Automount Unit Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1049. PoCs published by lukehebe.

AI-analyzed exploit summary This Python script exploits CVE-2018-1049, a privilege escalation vulnerability in VyOS (Vyatta) via command injection in a sudo-permitted Perl script. It establishes an SSH connection, breaks out of restricted shells, and delivers a reverse shell payload.

Description

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

Exploits (1)

nomisec WORKING POC

by lukehebe · poc

https://github.com/lukehebe/CVE-2018-1049-POC

View Code ZIP pw:eip

This Python script exploits CVE-2018-1049, a privilege escalation vulnerability in VyOS (Vyatta) via command injection in a sudo-permitted Perl script. It establishes an SSH connection, breaks out of restricted shells, and delivers a reverse shell payload.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: VyOS (Vyatta) with vulnerable sudo configuration

Auth required

Prerequisites: Valid SSH credentials · Target running VyOS with vulnerable sudo configuration · Network access to target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter T1090 - Proxy

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041520

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0260

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=1534701

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3558-1/

Scores

CVSS v3 5.9

EPSS 0.0726

EPSS Percentile 93.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-362

Status published

Products (17)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

debian/debian_linux 8.0

redhat/enterprise_linux 7.0

redhat/enterprise_linux_aus 7.4

redhat/enterprise_linux_aus 7.6

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_server 7.0

redhat/enterprise_linux_server_aus 7.4

redhat/enterprise_linux_server_aus 7.6

... and 7 more

Published Feb 16, 2018

Tracked Since Feb 18, 2026