Wind River Support Network

HomeDefectsLIN9-6296
Fixed

LIN9-6296 : Security Advisory - systemd - CVE-2017-18078

Created: Jan 31, 2018    Updated: Dec 24, 2018
Resolved Date: Feb 6, 2018
Found In Version: 9.0.0.13
Fix Version: 9.0.0.15
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

https://nvd.nist.gov/vuln/detail/CVE-2017-18078

Other Downloads


CVEs


Live chat
Online