PT-2018-2894 · Systemd+3 · Systemd+3

Padma81

Published

2018-01-24

Updated

2024-06-15

CVE-2018-6954

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions systemd versions prior to 237

Description The issue is related to the mishandling of symlinks by systemd-tmpfiles in systemd, allowing local users to obtain ownership of arbitrary files. This occurs through the creation of a directory and a file under that directory, and later replacing that directory with a symlink. The issue persists even when the fs.protected symlinks sysctl is enabled.

Recommendations For versions prior to 237, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of systemd-tmpfiles to minimize the risk of exploitation.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-59

Related Identifiers

ALT-PU-2018-1413

BDU:2019-02469

CVE-2018-6954

OPENSUSE-SU-2019:0098-1

OPENSUSE-SU-2019_0098-1

OPENSUSE-SU-2019_1450-1

OPENSUSE-SU-2024:11420-1

SUSE-SU-2019:0137-1

SUSE-SU-2019:1265-1

SUSE-SU-2019_1265-1

USN-3816-1

USN-3816-2

USN-3816-3

Affected Products

Alt Linux

Suse

Ubuntu

Systemd

PT-2018-2894 · Systemd+3 · Systemd+3

CVE-2018-6954

Weakness Enumeration

Related Identifiers

Affected Products

References · 72