CVE-2017-18078

 

Published at: - 29-01-2018 06:29

Last modified: - 31-01-2022 07:24

Total changes: - 4

Description

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://github.com/systemd/systemd/issues/7736
• 43935-Exploit, Third Party Advisory, VDB Entry
• [oss-security] 20180129 Re: CVE-2017-18078: systemd-tmpfiles root privilege-Mailing List, Third Party Advisory
• [oss-security] 20180129 CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0-Exploit, Mailing List, Third Party Advisory
• http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html
• openSUSE-SU-2018:0560-Mailing List, Third Party Advisory
• [debian-lts-announce] 20190424 [SECURITY] [DLA 1762-1] systemd security update-Mailing List, Third Party Advisory
• [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8-Third Party Advisory
• [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8-Third Party Advisory

 

Keywords

NVD

 

CVE-2017-18078

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures