CVE-2018-15687
systemd: chown_one() can dereference symlinks
Severity Score
7.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
Una condiciĆ³n de carrera en chown_one() en systemd permite que un atacante provoque que systemd establezca permisos arbitrarios en archivos arbitrarios. Las versiones afectadas de systemd son todas hasta la 239 incluida.
Linux suffers from an issue with systemd where chown_one() can dereference symlinks.
*Credits:
Jann Horn
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-08-22 CVE Reserved
- 2018-10-26 CVE Published
- 2023-10-20 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105748 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/45715 | 2024-09-16 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/systemd/systemd/pull/10517/commits | 2023-04-20 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201810-10 | 2023-04-20 | |
| https://usn.ubuntu.com/3816-1 | 2023-04-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
| Systemd Project Search vendor "Systemd Project" | Systemd Search vendor "Systemd Project" for product "Systemd" | >= 235 < 240 Search vendor "Systemd Project" for product "Systemd" and version " >= 235 < 240" | - |
Affected
| ||||||