local privilege escalation in systemd

ID SUSE-SA:2012:001
Type suse
Reporter Suse
Modified 2012-02-29T17:13:59


systemd-logind, part of the systemd package, keeps track of user logins and sessions. Upon login it creates dedicated files inside the /run/user/ directory in an insecure manner. This allows local attackers to create symlinks inside arbitrary directories. Further exploitation steps allow local attackers to gain root access.


There is no easy workaround, please install the update packages.