systemd 'systemd-logind' Insecure Temporary File Handling Vulnerability
BID:52538
Info
systemd 'systemd-logind' Insecure Temporary File Handling Vulnerability
| Bugtraq ID: | 52538 |
| Class: | Race Condition Error |
| CVE: |
CVE-2012-1174 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 16 2012 12:00AM |
| Updated: | Apr 13 2015 09:47PM |
| Credit: | Jan Lieskovsky |
| Vulnerable: |
systemd systemd 0 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 |
| Not Vulnerable: | |
Discussion
systemd 'systemd-logind' Insecure Temporary File Handling Vulnerability
systemd is prone to a vulnerability regarding the handling of temporary files.
An attacker can exploit this issue to delete arbitrary files, which may cause a denial-of-service condition; other attacks are also possible.
systemd is prone to a vulnerability regarding the handling of temporary files.
An attacker can exploit this issue to delete arbitrary files, which may cause a denial-of-service condition; other attacks are also possible.
Exploit / POC
systemd 'systemd-logind' Insecure Temporary File Handling Vulnerability
An attacker can exploit this issue using standard commands.
An attacker can exploit this issue using standard commands.
Solution / Fix
systemd 'systemd-logind' Insecure Temporary File Handling Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
systemd 'systemd-logind' Insecure Temporary File Handling Vulnerability
References:
References:
- systemd Package (freedesktop.org)
- CVE-2012-1174 systemd: TOCTOU race condition by removing user session (Jan Lieskovsky)
- TOCTOU race condition by removing user session (Jan Lieskovsky)