CVE-2018-15687

Опубликовано: 26 окт. 2018

Источник: redhat

CVSS3: 6.3

Описание

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

Отчет

This issue did not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7 as the vulnerable code was introduced in a newer version of the package.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 7	systemd	Not affected
Red Hat Enterprise Linux 8	systemd	Not affected
Red Hat Virtualization 4	systemd	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-367->CWE-59

https://bugzilla.redhat.com/show_bug.cgi?id=1639076systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges

6.3 Medium

CVSS3

Связанные уязвимости

CVE-2018-15687

CVSS3: 7

ubuntu

почти 7 лет назад

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

CVE-2018-15687

CVSS3: 7

nvd

почти 7 лет назад

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

CVE-2018-15687

CVSS3: 7

msrc

около 5 лет назад

Описание отсутствует

CVE-2018-15687

CVSS3: 7

debian

почти 7 лет назад

A race condition in chown_one() of systemd allows an attacker to cause ...

GHSA-wxcv-623q-99fj

CVSS3: 7

github

больше 3 лет назад

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

6.3 Medium

CVSS3