Summary: | <sys-apps/systemd-44 : Session Logout File Deletion Weakness (CVE-2012-1174) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | systemd |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/48331/ | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-03-19 16:12:01 UTC
I've released patched -44 which addresses this issue. thanks, closing CVE-2012-1174 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1174): The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session." |