Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-15687: Race Condition in Project Systemd

Severity: 7.0 HIGH (NVD)
EPSS: 0.3% (top 43.87%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Oct 26
Latest update: May 13

Description

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (3 packages)

NVD | systemd_project/systemd | 235 | 240
Debian | systemd_project/systemd | < 239-11+3
CVEListV5 | systemd/systemd | unspecified | 239

Also affects: Ubuntu Linux 16.04, 18.04, 18.10

Patches

🔴 Vulnerability Details (5)

GHSA
GHSA-wxcv-623q-99fj: A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files (2022-05-13)
OSV
systemd vulnerability (2018-11-19)
OSV
systemd vulnerabilities (2018-11-12)
CVEList
systemd: chown_one() can dereference symlinks (2018-10-26)
OSV
CVE-2018-15687: A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files (2018-10-26)

💥 Exploits & PoCs (1)

Exploit-DB
systemd - 'chown_one()' Dereference Symlinks (2018-10-29)

📋 Vendor Advisories (4)

Ubuntu
systemd vulnerabilities (2018-11-12)
Red Hat
systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges (2018-10-26)
Microsoft
systemd: chown_one() can dereference symlinks (2018-10-09)
Debian
CVE-2018-15687: systemd - A race condition in chown_one() of systemd allows an attacker to cause systemd t... (2018)

💬 Community (2)

Bugzilla
CVE-2018-15687 systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges [fedora-all] (2018-10-26)
Bugzilla
CVE-2018-15687 systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges (2018-10-15)