CVE-2013-4392

Published: 28 October 2013

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

Priority

Low

Status

Package Release Status
systemd
Launchpad, Ubuntu, Debian
Upstream
Released (239)
Patches:
Upstream: https://github.com/systemd/systemd/commit/08c849815c8db19ab0ab1ca226354d4a104041f0
Upstream: https://github.com/systemd/systemd/commit/ee9e629eea3e959f0833f299c870d320354af2f5
This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu.