CVE-2018-6693 - OpenCVE

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Mcafee	Endpoint Security For Linux Threat Prevention Endpoint Security Linux Threat Prevention

Configuration 1 [-]

AND

OR	cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention::::::::
	cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.5.1:::::::*
	cpe:2.3:a:mcafee:endpoint_security_linux_threat_prevention:10.5.0:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kc.mcafee.com/corporate/index?page=content&id=SB10248

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2018-09-18T22:00:00

Updated: 2024-08-05T06:10:11.241Z

Reserved: 2018-02-06T00:00:00

Link: CVE-2018-6693

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-18T21:29:04.183

Modified: 2023-11-07T03:00:25.907

Link: CVE-2018-6693

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["x86"], "product": " Endpoint Security for Linux Threat Prevention (ENSLTP)", "vendor": "McAfee", "versions": [{"status": "affected", "version": "10.5.0"}, {"status": "affected", "version": "10.5.1 10.5.0"}, {"lessThanOrEqual": "10.2.3 Hotfix 1246778", "status": "affected", "version": "10.2.3 Hotfix 1246778", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "RACK911Labs.com"}], "datePublic": "2018-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-363", "description": "Race Condition Enabling Link Following (CWE-363)", "lang": "en", "type": "CWE"}, {"cweId": "CWE-274", "description": "Privilege Escalation (CWE-274)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-18T21:57:01", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248"}], "source": {"discovery": "EXTERNAL"}, "title": " Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2018-6693", "STATE": "PUBLIC", "TITLE": " Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": " Endpoint Security for Linux Threat Prevention (ENSLTP)", "version": {"version_data": [{"affected": "=", "platform": "x86", "version_affected": "=", "version_name": "10.5.0", "version_value": "10.5.0"}, {"affected": "=", "platform": "x86", "version_affected": "=", "version_name": "10.5.1", "version_value": "10.5.0"}, {"affected": "<=", "platform": "x86", "version_affected": "<=", "version_name": "10.2.3 Hotfix 1246778", "version_value": "10.2.3 Hotfix 1246778"}]}}]}, "vendor_name": "McAfee"}]}}, "credit": [{"lang": "eng", "value": "RACK911Labs.com"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Race Condition Enabling Link Following (CWE-363)"}, {"lang": "eng", "value": "Privilege Escalation (CWE-274)"}]}]}, "references": {"reference_data": [{"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:10:11.241Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2018-6693", "datePublished": "2018-09-18T22:00:00", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2024-08-05T06:10:11.241Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:*:*:*:*:*:*:*:*", "matchCriteriaId": "439AADAD-84DB-4581-93C1-253F89684384", "versionEndIncluding": "10.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:endpoint_security_for_linux_threat_prevention:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6278180A-B4D9-423F-8079-DCF3634A3F74", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:endpoint_security_linux_threat_prevention:10.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DAA059FE-76F2-4246-8F07-AB7490C84728", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files."}, {"lang": "es", "value": "Un usuario sin privilegios puede eliminar archivos arbitrarios en un sistema Linux que ejecuta ENSLTP 10.5.1, 10.5.0 y 10.2.3 Hotfix 1246778 y anteriores. Mediante la explotaci\u00f3n de una condici\u00f3n de carrera TOCTOU (Time-of-check to Time-of-use) durante una secuencia espec\u00edfica de escaneo, el usuario sin privilegios puede realizar un escalado de privilegios para eliminar archivos arbitrarios."}], "id": "CVE-2018-6693", "lastModified": "2023-11-07T03:00:25.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 4.2, "source": "trellixpsirt@trellix.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-18T21:29:04.183", "references": [{"source": "trellixpsirt@trellix.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-274"}, {"lang": "en", "value": "CWE-363"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}