CVE-2018-6557

Published: 21 August 2018

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.

Priority

Low

CVSS 3 base score: 7.0

Status

Package Release Status
base-files
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (10.1ubuntu2.2)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu.