ubuntucve | Ubuntu.com | UB:CVE-2018-20167
History: Dec 17, 2018 - 12:00 a.m.

CVE-2018-20167

CVSS3: 7.8 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.005 Low
  Percentile: 76.6%

Terminology before 1.3.1 allows Remote Code Execution because popmedia is
mishandled, as demonstrated by an unsafe “cat README.md” command when \e}pn
is used. A popmedia control sequence can allow the malicious execution of
executable file formats registered in the X desktop share MIME types
(/usr/share/applications). The control sequence defers unknown file types
to the handle_unknown_media() function, which executes xdg-open against the
filename specified in the sequence. The use of xdg-open for all unknown
file types allows executable file formats with a registered shared MIME
type to be executed. An attacker can achieve remote code execution by
introducing an executable file and a plain text file containing the control
sequence through a fake software project (e.g., in Git or a tarball). When
the control sequence is rendered (such as with cat), the executable file
will be run.
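
A defensive check for the scenario described above, as an added example (not code from Ubuntu or the Terminology project): it scans bytes or a source tree for ESC } sequences such as \e}pn before a file is displayed, and renders control bytes visibly instead of sending them to the terminal. The two-letter command pattern, the argument boundary, and the names scan_bytes, scan_tree, visible and SAMPLE are assumptions of this example.

```python
import re
from pathlib import Path

# ESC } followed by two command letters, as in the "\e}pn" sequence above.
# Assumption: the argument is whatever follows up to the next control byte.
TY_SEQ = re.compile(rb"\x1b\}([a-z]{2})([^\x00-\x1f\x7f]*)")


def scan_bytes(data: bytes) -> list[dict]:
    """Return one finding per ESC } sequence found in data."""
    findings = []
    for m in TY_SEQ.finditer(data):
        cmd = m.group(1).decode("ascii")
        findings.append({
            "line": data.count(b"\n", 0, m.start()) + 1,
            "command": cmd,
            "is_pn": cmd == "pn",  # the sequence named in the advisory
            "argument": m.group(2).decode("utf-8", "replace"),
        })
    return findings


def scan_tree(root: str, max_bytes: int = 1 << 20) -> dict[str, list[dict]]:
    """Scan regular files under root; return {relative path: findings}."""
    report = {}
    base = Path(root)
    for path in sorted(base.rglob("*")):
        if path.is_file() and not path.is_symlink():
            with path.open("rb") as fh:
                hits = scan_bytes(fh.read(max_bytes))
            if hits:
                report[str(path.relative_to(base))] = hits
    return report


def visible(data: bytes) -> str:
    """Show control and non-ASCII bytes as \\xNN so a terminal cannot act on them."""
    return "".join(
        chr(b) if b in (0x09, 0x0A) or 0x20 <= b < 0x7F else f"\\x{b:02x}"
        for b in data
    )


# Constructed sample: README-like text with an embedded sequence (not a real file).
SAMPLE = b"# Project\n\nBuild notes\x1b}pnsample.bin\nMore text\n"

if __name__ == "__main__":
    for finding in scan_bytes(SAMPLE):
        print(finding)
    print(visible(SAMPLE))
```

Running scan_tree over a freshly cloned repository or unpacked tarball before viewing its text files lists every file that carries such a sequence; visible() gives a safe way to inspect the flagged content.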
