CVE-2017-18188

NameCVE-2017-18188
DescriptionOpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs973246

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
opentmpfiles (PTS)sid0.3.1-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opentmpfilessource(unstable)(unfixed)973246

Notes

https://github.com/OpenRC/opentmpfiles/issues/3
Search for package or bug name: Reporting problems