Allele Security Alert
ASA-2018-00005
Identifier(s)
ASA-2018-00005, CVE-2018-15687
Title
The function chown_one() in systemd can dereference symlinks and is prone to race condition that allows an attacker to arbitrarily change permission of files
Vendor(s)
The systemd project
Product(s)
systemd
Affected version(s)
systemd versions up to and including 239
Fixed version(s)
systemd version v240
Description
Race condition in chown_one() in systemd allows an attacker to arbitrarily change permission of files. In some situations, systemd needs to recursively change ownership of files. In the case when the file is not a link, it needs to re-set the file mode because it can be changed by the operating system. Due to the racy behaviour of the function, an attacker can bypass the check and change the mode of any file in the system.
Reference(s)
chown_one() can dereference symlinks
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796692
recursive chowning fixes #10517
https://github.com/systemd/systemd/pull/10517/commits/5de6cce58b3e8b79239b6e83653459d91af6e57c
Bug 1639076 – (CVE-2018-15687) CVE-2018-15687 systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges
https://bugzilla.redhat.com/show_bug.cgi?id=1639076
CVE-2018-15687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15687
CVE-2018-15687
https://nvd.nist.gov/vuln/detail/CVE-2018-15687
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: September 3, 2019