vulnerability
SUSE: CVE-2018-6954: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Feb 13, 2018 | Jan 31, 2019 | Feb 4, 2022 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Feb 13, 2018
Added
Jan 31, 2019
Modified
Feb 4, 2022
Description
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
Solution(s)
suse-upgrade-libsystemd0suse-upgrade-libsystemd0-32bitsuse-upgrade-libsystemd0-minisuse-upgrade-libudev-develsuse-upgrade-libudev-devel-32bitsuse-upgrade-libudev-mini-develsuse-upgrade-libudev-mini1suse-upgrade-libudev1suse-upgrade-libudev1-32bitsuse-upgrade-nss-myhostnamesuse-upgrade-nss-myhostname-32bitsuse-upgrade-nss-mymachinessuse-upgrade-nss-mymachines-32bitsuse-upgrade-nss-systemdsuse-upgrade-systemdsuse-upgrade-systemd-32bitsuse-upgrade-systemd-bash-completionsuse-upgrade-systemd-containersuse-upgrade-systemd-coredumpsuse-upgrade-systemd-develsuse-upgrade-systemd-docsuse-upgrade-systemd-journal-remotesuse-upgrade-systemd-langsuse-upgrade-systemd-loggersuse-upgrade-systemd-minisuse-upgrade-systemd-mini-bash-completionsuse-upgrade-systemd-mini-container-minisuse-upgrade-systemd-mini-coredump-minisuse-upgrade-systemd-mini-develsuse-upgrade-systemd-mini-sysvinitsuse-upgrade-systemd-sysvinitsuse-upgrade-udevsuse-upgrade-udev-mini
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.