CVE-2018-15687

systemd: chown_one() can dereference symlinks

Published: 10/26/2018 Last updated: 6/9/2025 Reserved: 8/22/2018

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

CNA assigner: canonical (cc1ad9ee-3454-478d-9317-d3e869d708bc) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	7.8	High	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (2)

conf-libudev ocaml-systemd

Products affected (1)

Product	Vendor	Version
systemd	systemd	<= *

References (10)

https://security.gentoo.org/glsa/201810-10
https://github.com/systemd/systemd/pull/10517/commits
http://www.securityfocus.com/bid/105748
https://usn.ubuntu.com/3816-1/
https://www.exploit-db.com/exploits/45715/
https://security.gentoo.org/glsa/201810-10
https://github.com/systemd/systemd/pull/10517/commits
http://www.securityfocus.com/bid/105748
https://usn.ubuntu.com/3816-1/
https://www.exploit-db.com/exploits/45715/

Credits (1)

Jann Horn