CVE-2013-4392
Published: 28 October 2013
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
Notes
| Author | Note |
|---|---|
| mdeslaur | this is likely in a systemd component we don't ship |
| sbeattie | it also is mitigated by hardlink protections |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
systemd Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Not vulnerable
(code not built)
|
|
| upstream |
Released
(239)
|
|
|
Patches: upstream: https://github.com/systemd/systemd/commit/08c849815c8db19ab0ab1ca226354d4a104041f0 upstream: https://github.com/systemd/systemd/commit/ee9e629eea3e959f0833f299c870d320354af2f5 |
||
| This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. | ||