Bugzilla – Bug 1120625
VUL-0: CVE-2018-16888: systemd: kills privileged process if unprivileged PIDFile was tampered
Last modified: 2020-07-07 05:12:07 UTC
systemd up to version 237 does not perform any check on the content of the PIDFile file of a service, which may result in systemd killing a process owned by other services when the service the PIDFile belongs to is stopped. In case the PIDFile is owned by unprivileged users (e.g. a service run with a different User field), systemd may kill privileged processes. A local attacker who is able to tamper with the PIDFile of a service may trick systemd into killing processes he would not have permissions to kill, in the moment a privileged user tries to kill the mentioned service. Upstream patches: https://github.com/systemd/systemd/pull/7816 Upstream issue: https://github.com/systemd/systemd/issues/6632 References: https://bugzilla.redhat.com/show_bug.cgi?id=1662867 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16888
That seems a duplicate of bsc#1065951 where we agreed to not fix SLE as the issue didn't seem critical enough... What is the status now ?
Marking as duplicate. *** This bug has been marked as a duplicate of bug 1065951 ***