systemd: chown_one() can dereference symlinks
CVE-2018-15687

7HIGH

Key Information:

Vendor: Systemd
Status: Systemd
Vendor: CVE Published:; 26 October 2018

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-15687?

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

Affected Version(s)

systemd <= 239

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-15687 - Proof of Concept

References

https://security.gentoo.org/glsa/201810-10

vendor-advisoryx_refsource_GENTOO

https://github.com/systemd/systemd/pull/10517/commits

x_refsource_MISC

http://www.securityfocus.com/bid/105748

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 26, 2018
👾
Exploit known to exist
Oct 26, 2018
Vulnerability published
Oct 26, 2018
Vulnerability Reserved
Aug 22, 2018

Credit

Jann Horn

CVE-2018-15687 Data

JSON

Systemd

Badges

What is CVE-2018-15687?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

CVSS V3.0

Timeline

Credit