systemd 'systemd-logind' Insecure File Creation Vulnerability

http://www.securityfocus.com/bid/52230

Security Info

Bugtraq ID:	52230
Class:	Design Error
CVE:	CVE-2012-0871
Remote:	No
Local:	Yes
Published:	Feb 29 2012 12:00AM
Updated:	Feb 29 2012 12:00AM
Credit:	Disclosed in the SUSE advisory.
Vulnerable:	systemd systemd 0

Not Vulnerable:

Security Discussion

systemd package is prone to a vulnerability in the 'systemd-logind' daemon because it creates certain files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks with root privileges.

Successfully mounting a symlink attack may allow the attacker to corrupt sensitive files in the context of root user. Other attacks may also be possible.

Proof of Concept and Security Exploits

An attacker can use readily available commands to exploit this issue.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Security References(s)

References:

systemd Package (freedesktop.org)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services