CVE-2018-15687

Exploit

EPSS 0.33%
Published 26.10.2018 14:29:00
Last modified 09.06.2025 16:15:28
Source security@ubuntu.com
Teams watchlist Login
Open Login

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

Affected products Warnungen 0 Metrics 4 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Systemd Project ≫ Systemd Version >= 235 < 240

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.555

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C
security@ubuntu.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://usn.ubuntu.com/3816-1/

Third Party Advisory

https://security.gentoo.org/glsa/201810-10

Third Party Advisory

http://www.securityfocus.com/bid/105748

Third Party Advisory

Broken Link

VDB Entry

https://github.com/systemd/systemd/pull/10517/commits

Patch

Third Party Advisory

https://www.exploit-db.com/exploits/45715/