CVE-2017-18078

Publication date 29 January 2018

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
systemd	17.10 artful	Ignored
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Ignored

Notes

ratliff

mitigated by fs.protected_hardlinks = 1

mdeslaur

patch simply refuses to set hardlink file permissions if the kernel hardening feature is turned off, which may result in breakage. We will not be releasing an update for this issue as our default configuration is not vulnerable.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
systemd	Upstream: 5579f85

Severity score breakdown

Parameter	Value
Base score	7.8 · High
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Other references

https://www.cve.org/CVERecord?id=CVE-2017-18078