The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Systemd | Systemd_project | * | 037 (including) |
| Systemd | Systemd_project | 1 (including) | 1 (including) |
| Systemd | Systemd_project | 2 (including) | 2 (including) |
| Systemd | Systemd_project | 3 (including) | 3 (including) |
| Systemd | Systemd_project | 4 (including) | 4 (including) |
| Systemd | Systemd_project | 5 (including) | 5 (including) |
| Systemd | Systemd_project | 6 (including) | 6 (including) |
| Systemd | Systemd_project | 7 (including) | 7 (including) |
| Systemd | Systemd_project | 8 (including) | 8 (including) |
| Systemd | Systemd_project | 9 (including) | 9 (including) |
| Systemd | Systemd_project | 10 (including) | 10 (including) |
| Systemd | Systemd_project | 11 (including) | 11 (including) |
| Systemd | Systemd_project | 12 (including) | 12 (including) |
| Systemd | Systemd_project | 13 (including) | 13 (including) |
| Systemd | Systemd_project | 14 (including) | 14 (including) |
| Systemd | Systemd_project | 15 (including) | 15 (including) |
| Systemd | Systemd_project | 16 (including) | 16 (including) |
| Systemd | Systemd_project | 17 (including) | 17 (including) |
| Systemd | Systemd_project | 18 (including) | 18 (including) |
| Systemd | Systemd_project | 19 (including) | 19 (including) |
| Systemd | Systemd_project | 20 (including) | 20 (including) |
| Systemd | Systemd_project | 21 (including) | 21 (including) |
| Systemd | Systemd_project | 22 (including) | 22 (including) |
| Systemd | Systemd_project | 23 (including) | 23 (including) |
| Systemd | Systemd_project | 24 (including) | 24 (including) |
| Systemd | Systemd_project | 25 (including) | 25 (including) |
| Systemd | Systemd_project | 26 (including) | 26 (including) |
| Systemd | Systemd_project | 27 (including) | 27 (including) |
| Systemd | Systemd_project | 28 (including) | 28 (including) |
| Systemd | Systemd_project | 29 (including) | 29 (including) |
| Systemd | Systemd_project | 30 (including) | 30 (including) |
| Systemd | Systemd_project | 31 (including) | 31 (including) |
| Systemd | Systemd_project | 32 (including) | 32 (including) |
| Systemd | Systemd_project | 33 (including) | 33 (including) |
| Systemd | Systemd_project | 34 (including) | 34 (including) |
| Systemd | Systemd_project | 35 (including) | 35 (including) |
| Systemd | Systemd_project | 36 (including) | 36 (including) |
| Opensuse | Opensuse | 12.1 (including) | 12.1 (including) |