Published: 12/07/2012 Updated: 14/08/2012

CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4

VMScore: 294

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

The rm_rf_children function in util.c in the systemd-logind login manager in systemd prior to 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux systemd 43

Debian Bug report logs - #664364 [CVE-2012-1174] systemd: TOCTOU race condition by removing user session Package: systemd; Maintainer for systemd is Debian systemd Maintainers <pkg-systemd-maintainers@listsaliothdebianorg>; Source for systemd is src:systemd (PTS, buildd, popcon) Reported by: Luciano Bello <luciano@debi ...

CWE-362 http://cgit.freedesktop.org/systemd/systemd/commit/?id=5ebff5337594d690b322078c512eb222d34aaa82 http://www.openwall.com/lists/oss-security/2012/03/16/21 http://www.mandriva.com/security/advisories?name=MDVSA-2012:030 https://bugzilla.redhat.com/show_bug.cgi?id=803358 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079075.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664364 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-1174

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect