Wind River Support Network

HomeDefectsLIN10-3206
Fixed

LIN10-3206 : Security Advisory - systemd - CVE-2017-18078

Created: Jan 30, 2018    Updated: Dec 3, 2018
Resolved Date: Feb 6, 2018
Found In Version: 10.17.41.1
Fix Version: 10.17.41.4
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

https://nvd.nist.gov/vuln/detail/CVE-2017-18078

Other Downloads


CVEs


Live chat
Online