Published: 25/01/2018 Updated: 29/12/2023

CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1

VMScore: 294

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

w3m up to and including 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local malicious user to craft a symlink attack to overwrite arbitrary files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tats w3m
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
canonical ubuntu linux 17.10

Debian Bug report logs - #888097 w3m: CVE-2018-6198: insecure temporary files creation when ~/w3m is unwritable Package: w3m; Maintainer for w3m is Tatsuya Kinoshita <tats@debianorg>; Source for w3m is src:w3m (PTS, buildd, popcon) Reported by: Tatsuya Kinoshita <tats@debianorg> Date: Tue, 23 Jan 2018 10:18:02 UTC ...

Several security issues were fixed in w3m ...

w3m through 053 does not properly handle temporary files when the ~/w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files ...

CWE-59 https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 https://bugs.debian.org/888097 http://www.securityfocus.com/bid/102855 https://usn.ubuntu.com/3555-2/https://usn.ubuntu.com/3555-1/http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888097 https://nvd.nist.gov https://usn.ubuntu.com/3555-2/

CVE-2018-6198

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect