Vulnerability CVE-2018-15687: Information

Description

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-15687

Published: Oct. 26, 2018

Modified: April 20, 2023

Error type identifier: CWE-362

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
systemd	sisyphus	239-alt3	255.6-alt2	ALT-PU-2018-2572-1	215710	Fixed
systemd	p10	239-alt3	249.17-alt2	ALT-PU-2018-2572-1	215710	Fixed
systemd	p9	239-alt3	247.13-alt1	ALT-PU-2018-2572-1	215710	Fixed
systemd	c10f1	239-alt3	249.17-alt2	ALT-PU-2018-2572-1	215710	Fixed
systemd	c9f2	239-alt3	246.14-alt1	ALT-PU-2018-2572-1	215710	Fixed
systemd	p11	239-alt3	255.6-alt2	ALT-PU-2018-2572-1	215710	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://github.com/systemd/systemd/pull/10517/commits	Patch Third Party Advisory
105748	Broken Link Third Party Advisory VDB Entry
45715	Exploit Third Party Advisory VDB Entry
GLSA-201810-10	Third Party Advisory
USN-3816-1	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
  Start including
  235
  End excliding
  240

Version: v24.5.3

Vulnerability CVE-2018-15687: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2