CVE-2017-18078
CVE-2017-18078
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.htmlunverifiedcve_referencewww.exploit-db.com/exploits/43935/unverifiedexploitdbwww.exploit-db.com/exploits/43935unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.htmlhttp://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.htmlhttps://github.com/systemd/systemd/issues/7736https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2019/04/msg00022.htmlhttps://www.exploit-db.com/exploits/43935/https://www.openwall.com/lists/oss-security/2018/01/29/4http://www.openwall.com/lists/oss-security/2018/01/29/3