CVE-2018-15687

moderate-risk
Published 2018-10-26

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

Do I need to act?

-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
45715
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

Affected Products (4)

Affected Vendors

Canonical Systemd Project

References (10)

Broken Link http://www.securityfocus.com/bid/105748
Patch https://github.com/systemd/systemd/pull/10517/commits
Third Party Advisory https://security.gentoo.org/glsa/201810-10
Third Party Advisory https://usn.ubuntu.com/3816-1/
Exploit https://www.exploit-db.com/exploits/45715/
Broken Link http://www.securityfocus.com/bid/105748
Patch https://github.com/systemd/systemd/pull/10517/commits
Third Party Advisory https://security.gentoo.org/glsa/201810-10
Third Party Advisory https://usn.ubuntu.com/3816-1/
Exploit https://www.exploit-db.com/exploits/45715/
36
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 8/34 · Low
Exposure 10/34 · Low