Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
systemd 权限许可和访问控制问题漏洞
Vulnerability Description
systemd是德国软件开发者Lennart Poettering和其他人共同研发的一款基于Linux的系统和服务管理器,它兼容了SysV和LSB的启动脚本,且提供了一个用来表示系统服务间依赖关系的框架。systemd-tmpfiles是其中的一个用于创建和删除文件的工具。 systemd 237及之前版本中的systemd-tmpfiles存在提权漏洞。本地攻击者可利用该漏洞获取任意文件的所有权。
CVSS Information
N/A
Vulnerability Type
N/A