CVE-2018-6954
published 2018-02-13CVE-2018-6954: systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | systemd | < systemd 238-1 (bookworm) | systemd 238-1 (bookworm) |
| opensuse | leap | — | — |
| systemd_project | systemd | <= 237 | — |
| systemd_project | systemd | >= 0 < 238-1 | 238-1 |
| systemd_project | systemd | >= 0 < 238-1 | 238-1 |
| systemd_project | systemd | >= 0 < 238-1 | 238-1 |
| systemd_project | systemd | >= 0 < 238-1 | 238-1 |
| systemd_project | systemd | >= 0 < 229-4ubuntu21.9 | 229-4ubuntu21.9 |
| systemd_project | systemd | >= 0 < 229-4ubuntu21.10 | 229-4ubuntu21.10 |
| systemd_project | systemd | >= 0 < 229-4ubuntu21.8 | 229-4ubuntu21.8 |
| systemd_project | systemd | >= 0 < 237-3ubuntu10.9 | 237-3ubuntu10.9 |
| systemd_project | systemd | >= 0 < 237-3ubuntu10.6 | 237-3ubuntu10.6 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH