CVE-2013-4392
Published: 28 October 2013
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
Notes
Author | Note |
---|---|
mdeslaur | this is likely in a systemd component we don't ship |
sbeattie | it also is mitigated by hardlink protections |
Priority
Status
Package | Release | Status |
---|---|---|
systemd Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Not vulnerable
(code not built)
|
|
upstream |
Released
(239)
|
|
Patches: upstream: https://github.com/systemd/systemd/commit/08c849815c8db19ab0ab1ca226354d4a104041f0 upstream: https://github.com/systemd/systemd/commit/ee9e629eea3e959f0833f299c870d320354af2f5 |
||
This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. |