CVE-2018-15687

Summary

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

Affected Software

VendorProductVersion RangeStatus
systemdsystemdunspecified <= 239affected

Weaknesses

  • There is a race condition between a stat(2) call and the fchmodat(2) call.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References