mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 09:41:05 +00:00
23 lines
1.1 KiB
Markdown
23 lines
1.1 KiB
Markdown
|
### [CVE-2018-6954](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- https://github.com/systemd/systemd/issues/7986
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/andir/nixos-issue-db-example
|
||
|
|
- https://github.com/flyrev/security-scan-ci-presentation
|
||
|
|
- https://github.com/lnick2023/nicenice
|
||
|
|
- https://github.com/qazbnm456/awesome-cve-poc
|
||
|
|
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
|
||
|
|
|