CVE-2018-6557

Publication date 21 August 2018

Last updated 25 August 2025

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

7.0 · High

Score breakdown

Description

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.

Read the notes from the security team

Status

Package Ubuntu Release Status
base-files 18.04 LTS bionic
Fixed 10.1ubuntu2.2
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Notes

mdeslaur

low priority because of default symlink restrictions

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.0 · High

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3748-1
    • base-files vulnerability
    • 21 August 2018

Other references

Access our resources on patching vulnerabilities