local privilege escalation in systemd

2012-02-29T17:13:59
ID SUSE-SA:2012:001
Type suse
Reporter Suse
Modified 2012-02-29T17:13:59

Description

systemd-logind, part of the systemd package, keeps track of user logins and sessions. Upon login it creates dedicated files inside the /run/user/ directory in an insecure manner. This allows local attackers to create symlinks inside arbitrary directories. Further exploitation steps allow local attackers to gain root access.

Solution

There is no easy workaround, please install the update packages.