Insecure temporary file use in base-files
CVE-2018-6557

7HIGH

Key Information:

Vendor: Ubuntu
Status: Base-files
Vendor: CVE Published:; 21 August 2018

🔔 Create Ubuntu Vulnerability Alert

What is CVE-2018-6557?

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.

Affected Version(s)

base-files < 10.1ubuntu2.2

References

https://usn.ubuntu.com/3748-1/

vendor-advisoryx_refsource_UBUNTU

http://www.securitytracker.com/id/1041530

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/105148

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2018
Vulnerability Reserved
Feb 2, 2018

Credit

Sander Bos

.