CVE-2011-3151

The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.2 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
mitreCNA
5.2 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
canonicalselinux
𝑥
< 1\:0.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
selinux
raring
not-affected
quantal
not-affected
precise
Fixed 1:0.10
released
lucid
Fixed 1:0.10~10.04.1
released
Common Weakness Enumeration
References
https://launchpadlibrarian.net/88098106/selinux_0.10~10.04.1.debdiff
https://launchpadlibrarian.net/88098106/selinux_0.10~10.04.1.debdiff