CVE-2011-3151 MEDIUM

CVE-2011-3151: SELinux initscript misuse of touch

Vendor N/A
Product n/a
Published April 22, 2019
Last update September 16, 2024

CVSS base score

5.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.

Key dates

02Disclosure timeline

April 22, 2019 CVE published
September 16, 2024 Record updated