Local File Inclusion Vulnerability in Crossroads by Debian
CVE-2018-18654

7.8HIGH

Key Information:

Vendor: Debian
Status: Crossroads
Vendor: CVE Published:; 26 October 2018

What is CVE-2018-18654?

Crossroads 2.81 has a vulnerability in its handling of the /tmp directory during the build process of the xr application. A local attacker can exploit this flaw by creating a world-writable subdirectory in the /tmp directory. They can wait for a user process to copy the xr application to this directory and then replace the original contents with a modified version that contains a Trojan horse. This manipulation allows the attacker to execute arbitrary code with the privileges of the user who is running the xr application, potentially compromising the system's security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugs.debian.org/911877

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 26, 2018

JSON

Debian

What is CVE-2018-18654?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.