Описание
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 237-3ubuntu10.9 |
| cosmic | released | 239-7ubuntu10.4 |
| devel | released | 239-7ubuntu10.4 |
| esm-infra-legacy/trusty | not-affected | binary not built |
| esm-infra/bionic | released | 237-3ubuntu10.9 |
| esm-infra/xenial | released | 229-4ubuntu21.15 |
| precise/esm | DNE | |
| trusty | not-affected | binary not built |
| trusty/esm | not-affected | binary not built |
Показывать по
EPSS
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
systemd-tmpfiles in systemd through 237 mishandles symlinks present in ...
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
Уязвимость компонента systemd-tmpfiles демона Systemd, позволяющая нарушителю получить доступ к произвольным файлам
EPSS
7.2 High
CVSS2
7.8 High
CVSS3