CVE-2018-13054

02.07.2018, 14:29

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content.

Link Following

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 58%

Vendor	Product	Version
debian	debian_linux	8.0
linuxmint	cinnamon	1.9.2 ≤ 𝑥 ≤ 3.8.6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

cinnamon

bullseye	4.8.6-2+deb11u1 fixed
stretch	no-dsa
bookworm	5.6.8-1 fixed
sid	6.2.9-1 fixed
trixie	6.2.9-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

cinnamon

lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	ignored
bionic	Fixed 3.6.7-8ubuntu1+esm1 released
artful	ignored
xenial	Fixed 2.8.6-1ubuntu1+esm1 released
trusty	dne

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

https://bugzilla.suse.com/show_bug.cgi?id=1083067

https://github.com/linuxmint/Cinnamon/pull/7683

https://lists.debian.org/debian-lts-announce/2018/07/msg00011.html

https://bugzilla.suse.com/show_bug.cgi?id=1083067

https://github.com/linuxmint/Cinnamon/pull/7683

https://lists.debian.org/debian-lts-announce/2018/07/msg00011.html