mailing list archives
[Notification] CVE-2012-1174 systemd: TOCTOU race condition by removing user session
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 16 Mar 2012 18:50:04 +0100
this is to inform you about the following flaw in systemd:
A TOCTOU race condition was found in the way the systemd-logind login manager
of the systemd, a system and service manager for Linux, performed removal of
particular records related with user session upon user logout. A local attacker
could use this flaw to conduct symbolic link attacks, potentially leading to
removal of arbitrary system file.
Red Hat Bugzilla entry:
Credit: Issue reported by Michal Schmidt of Red Hat.
Flaw turnaround time: 16 days
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
- [Notification] CVE-2012-1174 systemd: TOCTOU race condition by removing user session Jan Lieskovsky (Mar 16)