CVE-2018-6557

Published: Aug 21, 2018Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.

Affected (3)

Products: Base Files Project: Base Files · Canonical: Ubuntu Linux

Base Files Project

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Base Files Project Base Files	Version 10.1ubuntu2.2
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

http://www.securityfocus.com/bid/105148

Source: security@ubuntu.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041530

Source: security@ubuntu.com

Broken LinkThird Party AdvisoryVDB Entry

https://usn.ubuntu.com/3748-1/

Source: security@ubuntu.com

Vendor Advisory

http://www.securityfocus.com/bid/105148

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041530

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://usn.ubuntu.com/3748-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.