systemd: CVE-2018-6954 #1559

Closed
l2dy opened this issue Dec 23, 2018 · 3 comments

@l2dy
Contributor

commented Dec 23, 2018

CVE IDs: CVE-2018-6954

Other security advisory IDs: USN-3816-1

Descriptions:
Before version 240, the systemd-tmpfiles program will follow symlinks present in a non-terminal path component while adjusting permissions and ownership. Often -- and particularly with "Z" type entries -- an attacker can introduce such a symlink and take control of arbitrary files on the system to gain root. The "fs.protected_symlinks" sysctl does not prevent this attack. Version 239 contained a partial fix, but only for the easy-to-exploit recursive "Z" type entries.

PoC(s): https://www.openwall.com/lists/oss-security/2018/12/22/1

Architectural progress:

  • AMD64 amd64
  • AArch64 arm64
  • ARMv7 armel
  • PowerPC 64-bit BE ppc64
  • PowerPC 32-bit BE powerpc
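
The non-terminal-component problem described above, shown from the defensive side as an added example (not code from this issue, the linked PoC, or systemd's own fix): a path walker that opens one component per `openat()` call so that `O_NOFOLLOW` applies to every component. The function names, the temporary directory layout and the `ELOOP` check (Linux behaviour) are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Resolve `path` below directory fd `root` one component per openat() call.
 * O_NOFOLLOW only guards the last component of a call, so this makes it guard
 * every component. Returns an fd, or -1 (errno ELOOP on Linux for a symlink). */
int open_no_symlinks(int root, const char *path) {
    char buf[4096], *save = NULL;
    if (strlen(path) >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, path);
    int fd = dup(root);
    for (char *c = strtok_r(buf, "/", &save); c && fd >= 0;
         c = strtok_r(NULL, "/", &save)) {
        if (!strcmp(c, "..")) { close(fd); errno = EINVAL; return -1; }
        int next = openat(fd, c, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
        int err = errno;
        close(fd);
        errno = err;
        fd = next;
    }
    return fd;
}

/* Constructed scenario: <tmp>/real/file plus a planted <tmp>/link -> real.
 * Returns 1 when ordinary resolution follows the link and the walker refuses. */
int demo(void) {
    char tmpl[] = "/tmp/tmpfiles-demo-XXXXXX";
    struct stat st;
    if (!mkdtemp(tmpl)) return -1;
    int root = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (root < 0 || mkdirat(root, "real", 0700) || symlinkat("real", root, "link"))
        return -1;
    close(openat(root, "real/file", O_CREAT | O_WRONLY, 0600));
    int follows = fstatat(root, "link/file", &st, 0) == 0; /* goes through link */
    int ok = open_no_symlinks(root, "real/file");
    int bad = open_no_symlinks(root, "link/file");
    int refused = bad < 0 && errno == ELOOP;
    if (ok >= 0) close(ok);
    unlinkat(root, "real/file", 0); unlinkat(root, "real", AT_REMOVEDIR);
    unlinkat(root, "link", 0); close(root); rmdir(tmpl);
    return follows && ok >= 0 && refused;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

Permission and ownership changes should then be made through the returned descriptor (`fchmod()`, `fchown()`) rather than by path, so the object that was checked is the object that is modified.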

@MingcongBai MingcongBai changed the title systemd: security update to 240 systemd: CVE-2018-6954 Jan 14, 2019

@MingcongBai

Member

commented Jan 14, 2019

Patching instead, as patches are available.

@MingcongBai

Member

commented Jan 25, 2019

Fixed with f51ebd4. Closing.

@l2dy

Contributor Author

commented Jan 25, 2019

Use AOSA-2019-0009.
