Description
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://launchpadlibrarian.net/88098106/selinux_0.10~10.04.1.debdiff
Scores
CVSS v3
5.2
EPSS
0.0060
EPSS Percentile
44.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Details
CWE
CWE-693
Status
published
Products (1)
canonical/selinux
< 1\:0.10
Published
Apr 22, 2019
Tracked Since
Feb 18, 2026