Vulnerabilities > CVE-2018-17336 - Use of Externally-Controlled Format String vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

freedesktop

canonical

CWE-134

nessus

NVD

Published: 2018-09-22

Updated: 2019-08-06

Summary

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

Vulnerable Configurations

Part	Description	Count
Application	Freedesktop Freedesktop Udisks 2.8.0	1
OS	Canonical Canonical Ubuntu Linux 18.04	1

Common Weakness Enumeration (CWE)

CWE-134 - Use of Externally-Controlled Format String

Common Attack Pattern Enumeration and Classification (CAPEC)

Format String Injection
An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
String Format Overflow in syslog()
This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-F0CE9A3A35.NASL
description	Security fix for CVE-2018-17336 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120893
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120893
title	Fedora 29 : udisks2 (2018-f0ce9a3a35)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3772-1.NASL
description	It was discovered that UDisks incorrectly handled format strings when logging. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	117806
published	2018-09-27
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117806
title	Ubuntu 18.04 LTS : udisks2 vulnerability (USN-3772-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-3278-1.NASL
description	This update for udisks2 fixes the following issues : Following security issues was fixed : CVE-2018-17336: A format string vulnerability in udisks_log (bsc#1109406) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2019-01-02
plugin id	120137
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120137
title	SUSE SLED15 / SLES15 Security Update : udisks2 (SUSE-SU-2018:3278-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-3D187B1A5B.NASL
description	Security fix for CVE-2018-17336 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-10-05
plugin id	117926
published	2018-10-05
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117926
title	Fedora 27 : udisks2 (2018-3d187b1a5b)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2019-2178.NASL
description	An update for udisks2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fix(es) : * udisks: Format string vulnerability in udisks_log in udiskslogging.c (CVE-2018-17336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	128371
published	2019-08-30
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128371
title	CentOS 7 : udisks2 (CESA-2019:2178)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2178.NASL
description	An update for udisks2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fix(es) : * udisks: Format string vulnerability in udisks_log in udiskslogging.c (CVE-2018-17336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	127692
published	2019-08-12
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127692
title	RHEL 7 : udisks2 (RHSA-2019:2178)

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2019-1377.NASL
description	UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.(CVE-2018-17336) An uncontrolled format string vulnerability has been discovered in udisks when it mounts a filesystem with a malformed label. A local attacker may use this flaw to leak memory, make the udisks service crash, or cause other unspecified effects.(CVE-2018-17336)
last seen	2020-06-01
modified	2020-06-02
plugin id	132265
published	2019-12-19
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132265
title	Amazon Linux 2 : udisks2 (ALAS-2019-1377)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-1247.NASL
description	This update for udisks2 fixes the following issues : Following security issues was fixed : - CVE-2018-17336: A format string vulnerability in udisks_log (bsc#1109406) Following non-security issues were fixed : - strip trailing newline from sysfs raid level information (bsc#1091274) - Fix watcher error for non-redundant raid devices. (bsc#1091274) This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-05
modified	2018-10-25
plugin id	118383
published	2018-10-25
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118383
title	openSUSE Security Update : udisks2 (openSUSE-2018-1247)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0248_UDISKS2.NASL
description	The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has udisks2 packages installed that are affected by a vulnerability: - UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. (CVE-2018-17336) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	132510
published	2019-12-31
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132510
title	NewStart CGSL CORE 5.05 / MAIN 5.05 : udisks2 Vulnerability (NS-SA-2019-0248)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-77431AB417.NASL
description	Security fix for CVE-2018-17336 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120541
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120541
title	Fedora 28 : udisks2 (2018-77431ab417)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2193.NASL
description	According to the version of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.(CVE-2018-17336) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-11-08
plugin id	130655
published	2019-11-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130655
title	EulerOS 2.0 SP5 : udisks2 (EulerOS-SA-2019-2193)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20190806_UDISKS2_ON_SL7_X.NASL
description	Security Fix(es) : - udisks: Format string vulnerability in udisks_log in udiskslogging.c (CVE-2018-17336)
last seen	2020-03-18
modified	2019-08-27
plugin id	128267
published	2019-08-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128267
title	Scientific Linux Security Update : udisks2 on SL7.x x86_64 (20190806)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0201_UDISKS2.NASL
description	The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has udisks2 packages installed that are affected by a vulnerability: - UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. (CVE-2018-17336) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	129903
published	2019-10-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129903
title	NewStart CGSL CORE 5.04 / MAIN 5.04 : udisks2 Vulnerability (NS-SA-2019-0201)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-834.NASL
description	This update for udisks2 fixes the following issues : Following security issues was fixed : - CVE-2018-17336: A format string vulnerability in udisks_log (bsc#1109406) Following non-security issues were fixed : - strip trailing newline from sysfs raid level information (bsc#1091274) - Fix watcher error for non-redundant raid devices. (bsc#1091274) This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	123349
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123349
title	openSUSE Security Update : udisks2 (openSUSE-2019-834)

Redhat

advisories

bugzilla

id	1672664
title	Package udisks2-lsm (libstoragemgmt modules for udisks2)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment udisks2-lvm2 is earlier than 0:2.7.3-9.el7
oval oval:com.redhat.rhsa:tst:20192178001
comment udisks2-lvm2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192178002
AND
comment udisks2 is earlier than 0:2.7.3-9.el7
oval oval:com.redhat.rhsa:tst:20192178003
comment udisks2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192178004
AND
comment libudisks2 is earlier than 0:2.7.3-9.el7
oval oval:com.redhat.rhsa:tst:20192178005
comment libudisks2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192178006
AND
comment udisks2-lsm is earlier than 0:2.7.3-9.el7
oval oval:com.redhat.rhsa:tst:20192178007
comment udisks2-lsm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192178008
AND
comment udisks2-iscsi is earlier than 0:2.7.3-9.el7
oval oval:com.redhat.rhsa:tst:20192178009
comment udisks2-iscsi is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192178010

AND

comment libudisks2-devel is earlier than 0:2.7.3-9.el7
oval oval:com.redhat.rhsa:tst:20192178011
comment libudisks2-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192178012

rhsa

id	RHSA-2019:2178
released	2019-08-06
severity	Moderate
title	RHSA-2019:2178: udisks2 security, bug fix, and enhancement update (Moderate)

rpms

libudisks2-0:2.7.3-9.el7
libudisks2-devel-0:2.7.3-9.el7
udisks2-0:2.7.3-9.el7
udisks2-debuginfo-0:2.7.3-9.el7
udisks2-iscsi-0:2.7.3-9.el7
udisks2-lsm-0:2.7.3-9.el7
udisks2-lvm2-0:2.7.3-9.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References