Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1174

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2012-1174
Last Modified 13 Aug 2012 11:35:28
Published 12 Jul 2012 04:55:15
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1174

Summary

The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."

Vulnerable Systems

Operating System

  • Linux Systemd 43


References

CONFIRM - http://cgit.freedesktop.org/systemd/systemd/commit/?id=5ebff5337594d690b322078c512eb222d34aaa82

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=803358

MLIST - [oss-security] 20120316 [Notification] CVE-2012-1174 systemd: TOCTOU race condition by removing user session

MANDRIVA - MDVSA-2012:030

FEDORA - FEDORA-2012-6456


Last Updated: 27 May 2016 10:53:36