Vulnerability CVE-2018-6198: Information

Description

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

Severity: MEDIUM (4.7)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Published: Jan. 25, 2018
Modified: Dec. 29, 2023
Error type identifier: CWE-59

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| w3m | sisyphus | 0.5.3-alt3.git20200502 | 0.5.3-alt4.git20200502 | ALT-PU-2020-3081-1 | 260133 | Fixed |
| w3m | p10 | 0.5.3-alt3.git20200502 | 0.5.3-alt4.git20200502 | ALT-PU-2020-3081-1 | 260133 | Fixed |
| w3m | p9 | 0.5.3-alt3.git20200502 | 0.5.3-alt3.git20200502 | ALT-PU-2020-3099-2 | 260134 | Fixed |
| w3m | c10f1 | 0.5.3-alt3.git20200502 | 0.5.3-alt4.git20200502 | ALT-PU-2020-3081-1 | 260133 | Fixed |

References to Advisories, Solutions, and Tools

| Hyperlink | Resource |
|---|---|
| https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 | Third Party Advisory, Patch |
| https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 | Patch, Third Party Advisory |
| https://bugs.debian.org/888097 | Issue Tracking, Patch, Third Party Advisory |
| 102855 | Third Party Advisory, VDB Entry |
| USN-3555-2 | Third Party Advisory |
| USN-3555-1 | Third Party Advisory |
| openSUSE-SU-2019:1142 | |
Configuration 1

  • cpe:2.3:a:tats:w3m:*:*:*:*:*:*:*:* (End including: 0.5.3)

Configuration 2

  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*