systemd Session Logout File Deletion Weakness
Release Date : 2012-03-19
Criticality level : Not critical
Impact : Manipulation of data
Where : Local system
Solution Status : Unpatched
A weakness has been reported in systemd, which can be exploited by malicious, local users to manipulate certain data.
The weakness is caused due to a race condition in the systemd-logind component when removing certain records during user's logout and can be exploited to delete an arbitrary file via a symlink.
The weakness is reported in version 44 and prior.
Fixed in the GIT repository.
Provided and/or discovered by:
Reported by Michal Schmidt, Red Hat