N/A

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

使用共享资源的并发执行不恰当同步问题(竞争条件)

oddjob 竞争条件问题漏洞

oddjob是一款用于D-Bus的具有公共网关接口功能的软件包。 oddjob 0.34.5之前版本和0.34.6之前版本中的mkhomedir工具存在竞争条件问题漏洞，该漏洞源于在创建home目录期间，mkhomedir将/etc/skel目录复制到新创建的home目录中，并在没有正确检查homedir路径的情况下将其所有权更改为home用户。攻击者可借助特制的符号链接利用该漏洞提升权限。

N/A

N/A