PT-2018-3793 · Systemd+2 · Systemd+2

Jann Horn

·

Publicado

2018-10-26

·

Atualizado

2024-06-15

·

CVE-2018-15687

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions systemd versions up to and including 239
Description A race condition in the chown one() function of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. This issue is related to a situation where multiple executions use a shared resource with incorrect synchronization, which can be exploited to elevate privileges.
Recommendations For systemd versions up to and including 239, update to a version higher than 239 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2018-2572
ALT-PU-2019-1000
BDU:2022-03137
CVE-2018-15687
OPENSUSE-SU-2024:11420-1
USN-3816-1
USN-3816-3

Produtos afetados

Alt Linux
Ubuntu
Systemd