Local Privilege Escalation in systemd's tmpfiles Component by Red Hat
CVE-2018-6954

7.8HIGH

Key Information:

Vendor

Systemd Project

Status
Systemd
Vendor
CVE Published:
13 February 2018

What is CVE-2018-6954?

The systemd-tmpfiles component in systemd versions up to 237 is vulnerable due to improper handling of symbolic links in non-terminal path components. This flaw can be exploited by local users who can create directories and files, then replace those directories with symlinks, effectively gaining ownership of arbitrary files. This vulnerability persists regardless of the fs.protected_symlinks sysctl setting, exposing affected systems to potential exploitation.

References

https://usn.ubuntu.com/3816-2/
vendor-advisoryx_refsource_UBUNTU
https://github.com/systemd/systemd/issues/7986
x_refsource_MISC
https://usn.ubuntu.com/3816-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.