Note:
This project will be discontinued after December 13, 2021. [more]
2018-10-26
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
| Products | Ubuntu_linux, Systemd |
| Type | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362) |
| First patch | - None (likely due to unavailable code) |
| Patches | https://github.com/systemd/systemd/pull/10517/commits |
| Links |
• http://www.securityfocus.com/bid/105748
• https://security.gentoo.org/glsa/201810-10 • https://usn.ubuntu.com/3816-1/ • https://www.exploit-db.com/exploits/45715/ |