UBUNTU-CVE-2017-18078

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-18078

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-18078.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-18078

Related

CVE-2017-18078

Published

2018-01-29T05:29:00Z

Modified

2018-01-29T05:29:00Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

References

Affected packages

Ubuntu:Pro:14.04:LTS / systemd

Package

Name: systemd
Purl: pkg:deb/ubuntu/systemd?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

204-0ubuntu18

204-0ubuntu19

204-5ubuntu3

204-5ubuntu5

204-5ubuntu6

204-5ubuntu7

204-5ubuntu8

204-5ubuntu9

204-5ubuntu10

204-5ubuntu11

204-5ubuntu13

204-5ubuntu14

204-5ubuntu15

204-5ubuntu16

204-5ubuntu17

204-5ubuntu18

204-5ubuntu19

204-5ubuntu20

204-5ubuntu20.*

204-5ubuntu20.2

204-5ubuntu20.3

204-5ubuntu20.4

204-5ubuntu20.5

204-5ubuntu20.6

204-5ubuntu20.7

204-5ubuntu20.8

204-5ubuntu20.9

204-5ubuntu20.10

204-5ubuntu20.11

204-5ubuntu20.12

204-5ubuntu20.13

204-5ubuntu20.14

204-5ubuntu20.15

204-5ubuntu20.18

204-5ubuntu20.19

204-5ubuntu20.20

204-5ubuntu20.21

204-5ubuntu20.22

204-5ubuntu20.24

204-5ubuntu20.25

204-5ubuntu20.26

204-5ubuntu20.28

204-5ubuntu20.29

204-5ubuntu20.31

204-5ubuntu20.31+esm2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / systemd

Package

Name: systemd
Purl: pkg:deb/ubuntu/systemd?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

225-1ubuntu9

227-2ubuntu1

227-2ubuntu2

228-1ubuntu2

228-2ubuntu1

228-2ubuntu2

228-3ubuntu1

228-4ubuntu1

228-4ubuntu2

228-5ubuntu1

228-5ubuntu2

228-5ubuntu3

228-6ubuntu1

229-1ubuntu2

229-1ubuntu4

229-2ubuntu1

229-3ubuntu1

229-3ubuntu2

229-4ubuntu1

229-4ubuntu4

229-4ubuntu5

229-4ubuntu6

229-4ubuntu7

229-4ubuntu8

229-4ubuntu10

229-4ubuntu11

229-4ubuntu12

229-4ubuntu13

229-4ubuntu16

229-4ubuntu17

229-4ubuntu19

229-4ubuntu20

229-4ubuntu21

229-4ubuntu21.*

229-4ubuntu21.1

229-4ubuntu21.2

229-4ubuntu21.3

229-4ubuntu21.4

229-4ubuntu21.5

229-4ubuntu21.6

229-4ubuntu21.8

229-4ubuntu21.9

229-4ubuntu21.10

229-4ubuntu21.15

229-4ubuntu21.16

229-4ubuntu21.17

229-4ubuntu21.19

229-4ubuntu21.21

229-4ubuntu21.22

229-4ubuntu21.23

229-4ubuntu21.27

229-4ubuntu21.28

229-4ubuntu21.29

229-4ubuntu21.31

229-4ubuntu21.31+esm1

229-4ubuntu21.31+esm3

Ecosystem specific

{
    "ubuntu_priority": "low"
}