CVE-2018-6198

Опубликовано: 25 янв. 2018

Источник: debian

EPSS Низкий

Описание

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
w3m	fixed	0.5.3-36		package
w3m	fixed	0.5.3-34+deb9u1	stretch	package

Примечания

https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
Neutralised by kernel hardening

EPSS

Процентиль: 40%

0.00179

Низкий

Связанные уязвимости

CVE-2018-6198

CVSS3: 4.7

ubuntu

около 8 лет назад

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

CVE-2018-6198

CVSS3: 4.3

redhat

около 8 лет назад

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

CVE-2018-6198

CVSS3: 4.7

nvd

около 8 лет назад

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

GHSA-gvrg-2xvq-7j38

CVSS3: 4.7

github

больше 3 лет назад

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

openSUSE-SU-2019:1142-1

suse-cvrf

почти 7 лет назад

Security update for w3m

EPSS

Процентиль: 40%

0.00179

Низкий