Описание
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:0.11 |
| lucid | released | 1:0.10~10.04.1 |
| precise | released | 1:0.10 |
| quantal | not-affected | 1:0.11 |
| raring | not-affected | 1:0.11 |
| upstream | released | 1:0.10 |
Показывать по
Ссылки на источники
5.8 Medium
CVSS2
5.2 Medium
CVSS3
Связанные уязвимости
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.
5.8 Medium
CVSS2
5.2 Medium
CVSS3