Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.9
CVSSv2

CVE-2018-15687

Published: 26/10/2018 Updated: 20/04/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Ubuntu Linux

Vulnerability Summary

A race condition in chown_one() of systemd allows an malicious user to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

systemd project systemd

Vendor Advisories

Debian CVElist Bug Report Logs: systemd: CVE-2018-15687: chown_one() can dereference symlinks
Debian Bug report logs - #912007 systemd: CVE-2018-15687: chown_one() can dereference symlinks Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 27 Oct 2018 07:57:02 UTC Sev ...
Debian CVElist Bug Report Logs: systemd: CVE-2018-15688: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling
Debian Bug report logs - #912008 systemd: CVE-2018-15688: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling Package: src:systemd; Maintainer for src:systemd is Debian systemd Maintainers <pkg-systemd-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat ...
Ubuntu Security Notice: systemd regression
USN-3816-1 caused a regression in systemd-tmpfiles ...
Ubuntu Security Notice: systemd vulnerability
systemd-tmpfiles could be made to change ownership of arbitrary files ...
Ubuntu Security Notice: systemd vulnerabilities
Several security issues were fixed in systemd ...
Red Hat: CVE-2018-15687
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files Affected releases are systemd versions up to and including 239 ...
Arch Linux Issues:
A security issue has been found in systemd up to and including 239, where a race condition in the chown_one() function can be used to escalate privileges via a crafted symlink ...

Exploits

Exploit DB: systemd - 'chown_one()' Dereference Symlinks
[I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at githubcom/systemd/systemd/blob/master/docs/CONTRIBUTINGmd#security-vulnerability-reports ] When chown_one() in the recursive chown logic decides that it has to change ownership of a directory entry, it first changes ownership as follows: ...
Exploit DB: Linux systemd Symlink Dereference Via chown_one()
Linux suffers from an issue with systemd where chown_one() can dereference symlinks ...

References

CWE-362https://github.com/systemd/systemd/pull/10517/commitshttp://www.securityfocus.com/bid/105748https://www.exploit-db.com/exploits/45715/https://security.gentoo.org/glsa/201810-10https://usn.ubuntu.com/3816-1/https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912007https://usn.ubuntu.com/3816-3/https://www.exploit-db.com/exploits/45715/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook