CVE-2017-18078

Publication date 29 January 2018

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

7.8 · High

Score breakdown

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

Read the notes from the security team

Status

Package Ubuntu Release Status
systemd 17.10 artful Ignored
16.04 LTS xenial Ignored
14.04 LTS trusty Ignored

Notes


ratliff

mitigated by fs.protected_hardlinks = 1


mdeslaur

patch simply refuses to set hardlink file permissions if the kernel hardening feature is turned off, which may result in breakage. We will not be releasing an update for this issue as our default configuration is not vulnerable.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
systemd

Severity score breakdown

Parameter Value
Base score 7.8 · High
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H