PT-2018-3793 · Systemd+2 · Systemd+2

Jann Horn

Published

2018-10-26

Updated

2024-06-15

CVE-2018-15687

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions systemd versions up to and including 239

Description A race condition in the chown one() function of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. This issue is related to a situation where multiple executions use a shared resource with incorrect synchronization, which can be exploited to elevate privileges.

Recommendations For systemd versions up to and including 239, update to a version higher than 239 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2018-2572

ALT-PU-2019-1000

BDU:2022-03137

CVE-2018-15687

OPENSUSE-SU-2024:11420-1

USN-3816-1

USN-3816-3

Affected Products

Alt Linux

Ubuntu

Systemd

PT-2018-3793 · Systemd+2 · Systemd+2

CVE-2018-15687

Weakness Enumeration

Related Identifiers

Affected Products

References · 44