CVE-2018-6954
Description
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.127
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| system and service manager (USN-3816-1) systemd_239-7ubuntu10.3_amd64.deb | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) libsystemd0-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) libsystemd0-32bit-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) libsystemd0-debuginfo-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) libsystemd0-debuginfo-32bit-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) libudev1-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) libudev1-32bit-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) libudev1-debuginfo-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) libudev1-debuginfo-32bit-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) systemd-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) systemd-32bit-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) systemd-bash-completion-228-150.66.4.noarch.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) systemd-debuginfo-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) systemd-debuginfo-32bit-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) systemd-debugsource-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) systemd-sysvinit-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) udev-228-150.66.4.x86_64.rpm | Linux |
| SUSE-SU-2019:1265-1 (SUSE Linux Enterprise Desktop 12-SP4) udev-debuginfo-228-150.66.4.x86_64.rpm | Linux |
| Systemd update (ELSA-2020-0575) systemd-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-container update (ELSA-2020-0575) systemd-container-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-devel update (ELSA-2020-0575) systemd-devel-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-journal-remote update (ELSA-2020-0575) systemd-journal-remote-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-libs update (ELSA-2020-0575) systemd-libs-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-pam update (ELSA-2020-0575) systemd-pam-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-tests update (ELSA-2020-0575) systemd-tests-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-udev update (ELSA-2020-0575) systemd-udev-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd update (ELSA-2020-0575) systemd-239-18.0.2.el8_1.4.i686.rpm | Linux |
| Systemd-container update (ELSA-2020-0575) systemd-container-239-18.0.2.el8_1.4.i686.rpm | Linux |
| Systemd-devel update (ELSA-2020-0575) systemd-devel-239-18.0.2.el8_1.4.i686.rpm | Linux |
| Systemd-libs update (ELSA-2020-0575) systemd-libs-239-18.0.2.el8_1.4.i686.rpm | Linux |
| Improper Link Resolution Before File Access (Link Following) Vulnerability (CVE-2018-6954) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234