iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59
Products Affected
| Vendor | Product | Version |
|---|---|---|
| iproute2_project | iproute2 | 3.0.0 |
| iproute2_project | iproute2 | * |
| iproute2_project | iproute2 | 3.1.0 |
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-416
Products Affected
| Vendor | Product | Version |
|---|---|---|
| iproute2_project | iproute2 | * |
| canonical | ubuntu_linux | 18.04 |