CVE-2018-6557

EUVD-2018-18309
The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
base-files_projectbase-files
10.1ubuntu2.2:ubuntu2.2
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
base-files
bookworm
12.4+deb12u7
fixed
bullseye
11.1+deb11u11
fixed
sid
13.5
fixed
trixie
13.5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
base-files
bionic
Fixed 10.1ubuntu2.2
released
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105148
http://www.securitytracker.com/id/1041530
https://usn.ubuntu.com/3748-1/
http://www.securityfocus.com/bid/105148
http://www.securitytracker.com/id/1041530
https://usn.ubuntu.com/3748-1/