PT-2018-14564 · Crossroads · Crossroads

Helmut Grohne +1 · Published 2018-10-26 · Updated 2019-10-03 · CVE-2018-18654

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Crossroads version 2.81

Description

The issue arises from improper handling of the /tmp directory during the build process of xr, allowing a local attacker to create a world-writable subdirectory in a specific location under /tmp. The attacker can then wait for a user process to copy xr into this subdirectory and subsequently replace the contents with a Trojan horse version of xr.

Recommendations

For Crossroads version 2.81, consider restricting access to the /tmp directory to prevent unauthorized modifications, and ensure that user processes copying xr into /tmp use secure and isolated temporary directories to minimize the risk of exploitation.
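
One way to apply the "secure and isolated temporary directories" recommendation in a build or install script, shown as an added example that is not code from Crossroads or from this advisory. The function names and the `stage.` prefix are hypothetical; the fixed-name variant is included only to show the check that makes it refuse a directory someone else prepared.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the Crossroads build.

# Return 0 only if $1 is a real directory (not a symlink), owned by the
# current user, and not writable by group or others.
is_private_dir() {
    [ -n "$(find "$1" -prune -type d -user "$(id -u)" \
              ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# Copy file $1 into a freshly created private directory and print the
# path of the copy. mktemp -d creates the directory atomically with an
# unpredictable name and mode 0700, so another local user cannot have
# created it beforehand.
stage_private() {
    src=$1
    dir=$(mktemp -d "${TMPDIR:-/tmp}/stage.XXXXXXXXXX") || return 1
    is_private_dir "$dir" || { rmdir "$dir"; return 1; }
    cp -- "$src" "$dir/" || { rm -rf -- "$dir"; return 1; }
    printf '%s\n' "$dir/$(basename -- "$src")"
}

# Weak pattern for contrast: a fixed, predictable directory name.
# mkdir -p succeeds silently when the directory already exists, even if
# it is world-writable, so only the check afterwards stops the copy.
stage_fixed() {
    src=$1 dir=$2
    mkdir -p "$dir" || return 1
    is_private_dir "$dir" || { echo "refusing $dir: not private" >&2; return 1; }
    cp -- "$src" "$dir/"
}
```
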

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2018-18654

Affected Products

Crossroads