Bug#890779: systemd: CVE-2018-6954: Mishandled sysmlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 18 20:35:07 GMT 2018
Source: systemd
Version: 236-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/systemd/systemd/issues/7986
Hi,
the following vulnerability was published for systemd, filling this
bug to keep track of the bug in the Debian BTS.
CVE-2018-6954[0]:
| systemd-tmpfiles in systemd through 237 mishandles symlinks present in
| non-terminal path components, which allows local users to obtain
| ownership of arbitrary files via vectors involving creation of a
| directory and a file under that directory, and later replacing that
| directory with a symlink. This occurs even if the fs.protected_symlinks
| sysctl is turned on.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-6954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954
[1] https://github.com/systemd/systemd/issues/7986
Please adjust the affected versions in the BTS as needed (all earlier
versions should be affected).
Regards,
Salvatore
More information about the Pkg-systemd-maintainers
mailing list