w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html | |
http://www.securityfocus.com/bid/102855 | Third Party Advisory VDB Entry |
https://bugs.debian.org/888097 | Issue Tracking Patch Third Party Advisory |
https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 | Patch Third Party Advisory |
https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 | Third Party Advisory Patch |
https://usn.ubuntu.com/3555-1/ | Third Party Advisory |
https://usn.ubuntu.com/3555-2/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
29 Dec 2023, 18:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:tats:w3m:*:*:*:*:*:*:*:* | |
First Time |
Tats
Tats w3m |
Information
Published : 2018-01-25 03:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-6198
Mitre link : CVE-2018-6198
CVE.ORG link : CVE-2018-6198
JSON object : View
Products Affected
tats
- w3m
canonical
- ubuntu_linux
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')