Wind River Support Network

HomeDefectsLIN8-8642
Fixed

LIN8-8642 : Security Advisory - systemd - CVE-2017-18078

Created: Jan 30, 2018    Updated: Dec 3, 2018
Resolved Date: Feb 6, 2018
Found In Version: 8.0.0.24
Fix Version: 8.0.0.25
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

https://nvd.nist.gov/vuln/detail/CVE-2017-18078

Other Downloads


CVEs


Live chat
Online