86 matches found
CVE-2017-18078
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protectedhardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks...
CVE-2017-18078
The CVE-2017-18078 issue affects systemd-tmpfiles in systemd prior to 237. The root cause is that tmpfiles may attempt ownership/permission changes on hardlinked files even when fs.protected_hardlinks is off, enabling a local attacker to bypass access restrictions by using a hard link to a file t...
CVE-2017-18078
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protectedhardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks...
systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation
Product: systemd systemd-tmpfiles Versions-affected: 236 and earlier Author: Michael Orlitzky Fixed-in: commit 5579f85 , version 237 Bug-report: https://github.com/systemd/systemd/issues/7736 Acknowledgments: Lennart Poettering who, instead of calling me an idiot for not realizing that systemd...
Apache Tomcat 8/7/6 (based on the RedHat distro)local mention the right vulnerability-vulnerability warning-the black bar safety net
I. vulnerability description Apache Tomcat on RedHat distributions local to mention the right vulnerability II. Background description Tomcat is by Apache Software Foundation subordinate's Jakarta a project development Servlet vessel, in accordance with Sun Microsystems to provide the technical...
tomcat: Local privilege escalation via systemd-tmpfiles service
It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...