CVE-2011-3151

MEDIUM

Ubuntu SELinux <1:0.10 - Info Disclosure

Title source: llm

Description

The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.

References (1)

[Patch, Third Party Advisory] https://launchpadlibrarian.net/88098106/selinux_0.10~10.04.1.debdiff

Scores

CVSS v3 5.2

EPSS 0.0016

EPSS Percentile 37.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Classification

CWE

CWE-693

Status published

Affected Products (1)

canonical/selinux < 1\:0.10

Timeline

Published Apr 22, 2019

Tracked Since Feb 18, 2026