Bugzilla – Bug 1113666
VUL-0: CVE-2018-15687: systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges
Last modified: 2019-11-15 07:55:12 UTC
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1639076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15687
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15687.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15687
https://github.com/systemd/systemd/pull/10517/commits
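The bug class described above (a chown/chmod that can be redirected through a symlink) is avoided by pinning the inode with a no-follow open and acting only on that descriptor. The following is an added example, not systemd's code or the upstream fix; the helper names and the constructed /tmp scenario are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not systemd's code: set owner and mode of one directory
 * entry without ever dereferencing a symlink. Returns 0 or -errno. */
int chown_chmod_nofollow(int dir_fd, const char *name, uid_t uid, gid_t gid, mode_t mode)
{
    /* O_NOFOLLOW makes the open fail with ELOOP if the final component is a
     * symlink; O_NONBLOCK keeps a FIFO from blocking the open. */
    int fd = openat(dir_fd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY | O_CLOEXEC);
    if (fd < 0) {
        if (errno != ELOOP)
            return -errno;
        /* Symlink: change the link's own ownership and never chmod it. */
        return fchownat(dir_fd, name, uid, gid, AT_SYMLINK_NOFOLLOW) < 0 ? -errno : 0;
    }
    /* Every call below acts on the inode pinned by fd, so replacing the name
     * with a symlink after the open cannot redirect the chown or chmod. */
    int r = (fchown(fd, uid, gid) < 0 || fchmod(fd, mode & 07777) < 0) ? -errno : 0;
    close(fd);
    return r;
}

/* Constructed scenario: "victim" is a 0600 file and "entry" a symlink to it.
 * Returns victim's permission bits after the helper ran on `name`, or -1. */
int demo_mode_after(const char *name, mode_t mode)
{
    char dir[] = "/tmp/chown-demo-XXXXXX";
    struct stat st;
    int result = -1;
    if (!mkdtemp(dir)) return -1;
    int dir_fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int fd = openat(dir_fd, "victim", O_CREAT | O_WRONLY | O_CLOEXEC, 0600);
    if (dir_fd >= 0 && fd >= 0 && fchmod(fd, 0600) == 0 &&
        symlinkat("victim", dir_fd, "entry") == 0 &&
        chown_chmod_nofollow(dir_fd, name, geteuid(), getegid(), mode) == 0 &&
        fstatat(dir_fd, "victim", &st, 0) == 0)
        result = st.st_mode & 07777;
    if (fd >= 0) close(fd);
    unlinkat(dir_fd, "entry", 0);
    unlinkat(dir_fd, "victim", 0);
    if (dir_fd >= 0) close(dir_fd);
    rmdir(dir);
    return result;
}
```

The O_RDONLY open requires read permission on the entry, which a privileged service manager has; a path-based chmod() or fchmodat() on the same name would follow the symlink and change the target instead.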
According to my analysis the vulnerable code first appeared in a1164ae380, which was introduced with version v235. This would mean that our code is not affected by this. Could a systemd maintainer please verify this?
Until StateDirectory= and friends are not chowned recursively when a service is started, this is only needed by Factory (v239) indeed.
The fix has been backported to Factory so re-assigning this bug to the secteam.
fixed