CVE-2018-6693

Summary

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

Affected Software

VendorProductVersion RangeStatus
McAfeeEndpoint Security for Linux Threat Prevention (ENSLTP)10.5.0affected
McAfeeEndpoint Security for Linux Threat Prevention (ENSLTP)10.5.1 10.5.0affected
McAfeeEndpoint Security for Linux Threat Prevention (ENSLTP)10.2.3 Hotfix 1246778 <= 10.2.3 Hotfix 1246778affected

Weaknesses

  • CWE-363: Race Condition Enabling Link Following (CWE-363)
  • CWE-274: Privilege Escalation (CWE-274)

ADP Enrichment

CVE Program Container

Additional References

References