Title: systemd-tmpfiles root privilege escalation by following non-terminal symlinks
Author: Michael Orlitzky
Fixed in: Version 240
Pull request 8358: Commit 774f79b5, Commit 56114d45, Commit 936f6bdb, Commit caced732, Commit e04fc13f
Pull request 8822: Commit 31c84ff1, Commit b206ac8e, Commit 14f3480a, Commit 5ec9d065, Commit b1f7b17f, Commit 16ba55ad, Commit 14ab804e, Commit 551470ec, Commit 074bd73f, Commit c7700a77, Commit 4ad36844, Commit 54946021, Commit 1f56e4ce, Commit 4c39d899, Commit 1e912631, Commit 62f9666a, Commit a2fc2f8d, Commit 7ea5a87f, Commit 4fe3828c, Commit 2c3d5add, Commit 7e531a52, Commit a12e4ade, Commit 43231f00, Commit addc3e30, Commit 9f36a8fb, Commit 7f6240fa
Before version 240, the systemd-tmpfiles program will follow symlinks present in a non-terminal path component while adjusting permissions and ownership. Often—and particularly with Z type entries—an attacker can introduce such a symlink and take control of arbitrary files on the system to gain root. The fs.protected_symlinks sysctl does not prevent this attack. Version 239 contained a partial fix, but only for the easy-to-exploit recursive Z type entries.
Complete details here: http://michael.orlitzky.com/cves/cve-2018-6954.xhtml
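The difference between guarding only the terminal path component and guarding every component, as an added Python example (not code from systemd or from the advisory): it walks a path one component at a time with O_NOFOLLOW and changes the mode through the resulting descriptor. The function names and the directory layout are hypothetical and constructed for the illustration.

```python
import errno, os, stat, tempfile

FLAGS = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC

def open_no_symlinks(base_fd, relpath):
    """Open relpath beneath base_fd, refusing a symlink in any component."""
    fd = os.dup(base_fd)
    try:
        for part in (p for p in relpath.split("/") if p not in ("", ".")):
            if part == "..":
                raise PermissionError(errno.EPERM, "'..' not allowed", relpath)
            # O_NOFOLLOW guards only the component being opened, so apply it at every step.
            nxt = os.open(part, FLAGS, dir_fd=fd)
            os.close(fd)
            fd = nxt
        return fd
    except BaseException:
        os.close(fd)
        raise

def safe_chmod(base_fd, relpath, mode):
    """Change the mode through a descriptor reached without following symlinks."""
    fd = open_no_symlinks(base_fd, relpath)
    try:
        os.fchmod(fd, mode)
    finally:
        os.close(fd)

def demo():
    """Constructed layout: app/ is the managed tree, outside/secret must stay untouched."""
    with tempfile.TemporaryDirectory() as top:
        j = lambda *p: os.path.join(top, *p)
        os.makedirs(j("app", "real")); os.makedirs(j("outside"))
        for path in (j("app", "real", "data"), j("outside", "secret")):
            open(path, "w").close()
            os.chmod(path, 0o600)
        os.symlink(j("outside"), j("app", "link"))  # symlink in a non-terminal component
        # O_NOFOLLOW on the full path still resolves app/link on the way to "secret".
        fd = os.open(j("app", "link", "secret"), os.O_RDONLY | os.O_NOFOLLOW)
        naive_followed = os.fstat(fd).st_ino == os.stat(j("outside", "secret")).st_ino
        os.close(fd)
        base = os.open(j("app"), os.O_RDONLY | os.O_DIRECTORY)
        try:
            safe_chmod(base, "real/data", 0o640)
            try:
                safe_chmod(base, "link/secret", 0o666)
                refused = False
            except OSError as exc:
                refused = exc.errno == errno.ELOOP  # Linux reports ELOOP for a refused symlink
        finally:
            os.close(base)
        mode = lambda p: stat.S_IMODE(os.stat(p).st_mode)
        return naive_followed, refused, mode(j("app", "real", "data")), mode(j("outside", "secret"))
```

demo() returns whether the single-open O_NOFOLLOW call reached the outside file, whether the component-wise walk refused the symlinked path, and the final modes of both files.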
For more information, call: 410-667-3600
What is CVE?
Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known cybersecurity vulnerabilities, and is the industry standard for vulnerability and exposure identifiers.
The process of creating a CVE Entry begins with the discovery of a potential security vulnerability. The MITRE Corporation currently maintains CVE and this public website, oversees the CNAs and CVE Board, and provides impartial technical guidance throughout the process to ensure CVE serves the public interest.
About Metro Data, Inc.
Founded in 1994, Metro Data, Inc. is a leading information systems & services firm that works exclusively with business clients to develop and apply customized technology solutions that accomplish a client's strategic goals.
Businesses have chosen Metro Data, Inc. to help keep pace with the ever-changing technology landscape. Metro Data, Inc.’s "end-to-end" experience helps their customers to secure their systems, reduce costs, and improve their business information systems performance.
About the CVE Author, Michael J. Orlitzky
Mike has been with Metro Data, Inc. for over 20 years. He holds a PhD in Mathematics. He has been globally recognized for his work in discovering (and fixing) vulnerabilities in operating systems and application software. His research has been published in professional journals and he's been acknowledged by industry and academic peers for his work.