CVE-2012-1174 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.3 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:N/I:P/A:P

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Debian Releases

Debian Product

Codename

systemd

bookworm	252.30-1~deb12u2 fixed
bullseye	247.3-7+deb11u5 fixed
bullseye (security)	247.3-7+deb11u6 fixed
sid	256.7-3 fixed
trixie	256.7-3 fixed

openSUSE / SLES Releases

openSUSE Product

Release

libsystemd0-228

suse enterprise sap 12 SP5	155.21 fixed
suse enterprise server 12 SP5	155.21 fixed

libsystemd0-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

libsystemd0-32bit-228

suse enterprise sap 12 SP5	155.21 fixed
suse enterprise server 12 SP5	155.21 fixed

libsystemd0-32bit-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

libudev-devel-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

libudev1-228

suse enterprise sap 12 SP5	155.21 fixed
suse enterprise server 12 SP5	155.21 fixed

libudev1-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

libudev1-32bit-228

suse enterprise sap 12 SP5	155.21 fixed
suse enterprise server 12 SP5	155.21 fixed

libudev1-32bit-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

systemd-228

suse enterprise sap 12 SP5	155.21 fixed
suse enterprise server 12 SP5	155.21 fixed

systemd-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

systemd-32bit-228

suse enterprise sap 12 SP5	155.21 fixed
suse enterprise server 12 SP5	155.21 fixed

systemd-32bit-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

systemd-bash-completion-228

suse enterprise sap 12 SP5	155.21 fixed
suse enterprise server 12 SP5	155.21 fixed

systemd-bash-completion-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

systemd-container-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

systemd-coredump-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

systemd-devel-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

systemd-sysvinit-228

suse enterprise sap 12 SP5	155.21 fixed
suse enterprise server 12 SP5	155.21 fixed

systemd-sysvinit-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

udev-228

suse enterprise sap 12 SP5	155.21 fixed
suse enterprise server 12 SP5	155.21 fixed

udev-234

suse enterprise desktop 15	22.3 fixed
suse enterprise desktop 15 SP1	24.25.1 fixed
suse enterprise sap 15	22.3 fixed
suse enterprise sap 15 SP1	24.25.1 fixed
suse enterprise server 15	22.3 fixed
suse enterprise server 15 SP1	24.25.1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://cgit.freedesktop.org/systemd/systemd/commit/?id=5ebff5337594d690b322078c512eb222d34aaa82

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079075.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:030

http://www.openwall.com/lists/oss-security/2012/03/16/21

https://bugzilla.redhat.com/show_bug.cgi?id=803358

http://cgit.freedesktop.org/systemd/systemd/commit/?id=5ebff5337594d690b322078c512eb222d34aaa82

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079075.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:030

http://www.openwall.com/lists/oss-security/2012/03/16/21

https://bugzilla.redhat.com/show_bug.cgi?id=803358