CVE-2018-6198 — Link Following in W3M

CWE-59 — Link Following CWE-377 — Insecure Temporary File12 documents8 sources

Severity

4.7MEDIUMNVD

OSV7.5

EPSS

0.1%

top 75.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tats W3M Canonical Ubuntu Linux

Timeline

PublishedJan 25

Latest updateMay 13

Description

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

▶Debiantats/w3m< 0.5.3-36+3

▶Ubuntutats/w3m< 0.5.3-15ubuntu0.2+1

▶NVDtats/w3m0.5.3

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 17.10

Patches

Patch: bugs.debian.org ↗Patch: github.com ↗Patch: salsa.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-gvrg-2xvq-7j38: w3m through 0↗2022-05-13

▶

OSV

w3m vulnerabilities↗2018-02-01

▶

CVEList

CVE-2018-6198: w3m through 0↗2018-01-25

▶

OSV

CVE-2018-6198: w3m through 0↗2018-01-25

▶

📋Vendor Advisories

Ubuntu

w3m vulnerabilities↗2018-02-01

▶

Ubuntu

w3m vulnerabilities↗2018-02-01

▶

Red Hat

w3m: insecure temporary files creation when ~/.w3m is unwritable↗2018-01-23

▶

Debian

CVE-2018-6198: w3m - w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m direc...↗2018

▶

💬Community

Bugzilla

CVE-2018-6198 w3m: insecure temporary files creation when ~/.w3m is unwritable [fedora-all]↗2018-01-26

▶

Bugzilla

CVE-2018-6198 w3m: insecure temporary files creation when ~/.w3m is unwritable↗2018-01-26

▶

Bugzilla

CVE-2018-6198 w3m: insecure temporary files creation when ~/.w3m is unwritable [epel-7]↗2018-01-26

▶