
Bug 647796 (CVE-2018-6954)

Summary: <sys-apps/systemd-240: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files (CVE-2018-6954)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: systemd
Priority: High
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/systemd/systemd/issues/7986
https://bugs.gentoo.org/show_bug.cgi?id=751415
Whiteboard: B1 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-16 00:38:38 UTC
CVE-2018-6954 (https://nvd.nist.gov/vuln/detail/CVE-2018-6954):
  systemd-tmpfiles in systemd through 237 mishandles symlinks present in
  non-terminal path components, which allows local users to obtain ownership
  of arbitrary files via vectors involving creation of a directory and a file
  under that directory, and later replacing that directory with a symlink.
  This occurs even if the fs.protected_symlinks sysctl is turned on.
Comment 1 Mike Gilbert gentoo-dev 2019-10-28 17:18:46 UTC
I believe this bug can be closed; the oldest version of systemd in gentoo is 242.
Comment 2 Mike Gilbert gentoo-dev 2020-05-14 23:11:25 UTC
Why is this bug still open?
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-29 02:17:27 UTC
Looks like 240 was the last affected version at a quick look.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-29 20:52:23 UTC
We already did a GLSA for a newer version, so no need for this older version: bug 708806.