Back

Ubuntu 26.04 LTS sslh Vulnerability Allows File Overwrites

Severity: Medium (Score: 45.8)

Sources: Ubuntu, Linuxsecurity

Published: 2026-06-02 · Updated: 2026-06-02

Keywords: ubuntu, sslh, file, overwrite, security, issue, discovered

Severity indicators: issue, security issue

Summary

A security vulnerability has been identified in sslh affecting multiple Ubuntu releases, including 26.04 LTS. The flaw allows local attackers to overwrite arbitrary files due to improper handling of symbolic links when writing the PID file. This issue impacts Ubuntu versions 26.04 LTS, 25.10, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS. Users are advised to update their systems to the patched versions of sslh to mitigate this risk. The vulnerability does not appear to have been actively exploited at this time. Affected users must restart sslh after applying the updates to ensure the changes take effect. The advisory emphasizes the importance of maintaining up-to-date systems to prevent potential exploitation. Key Points: • A vulnerability in sslh allows local file overwrites in multiple Ubuntu versions. • The flaw affects Ubuntu 26.04 LTS and several earlier versions, from 16.04 to 25.10. • Users must update sslh and restart the service to apply the necessary security fixes.

Detailed Analysis

**Impact** All users of Ubuntu versions 16.04 LTS through 26.04 LTS and their derivatives are affected by this vulnerability. The issue allows a local attacker to overwrite arbitrary files, potentially leading to unauthorized modification or disruption of system files. This could impact organizations across all sectors using affected Ubuntu releases, with no geographic limitations specified. The business consequences include potential service disruption and integrity compromise of critical files. **Technical Details** The vulnerability arises from improper handling of symbolic links when sslh writes its PID file, enabling local attackers to overwrite arbitrary files. No specific CVE identifier is mentioned in the articles. The attack requires local access and targets the file overwrite stage of the kill chain. No malware, tools, or infrastructure details are provided. No IOCs are reported. **Recommended Response** Apply the updated sslh package versions provided for each Ubuntu release immediately and restart the sslh service to complete remediation. Ubuntu Pro users should ensure they have access to the relevant package updates. Monitor local privilege escalation attempts and file integrity on systems running affected versions. No additional detection or mitigation guidance is available from the sources.

Source articles (2)

  • USN-8360-1: sslh vulnerability — Ubuntu · 2026-06-01
    It was discovered that sslh did not properly handle symbolic links when writing its PID file. A local attacker could possibly use this issue to overwrite arbitrary files. It was discovered that sslh d…
  • Ubuntu 26.04 LTS sslh Important File Overwrite Security Advisory USN-8360 — Linuxsecurity · 2026-06-01
    A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS…

Timeline

  • 2026-06-01 — Security advisory USN-8360-1 published: Ubuntu released an advisory detailing a vulnerability in sslh that allows local file overwrites due to improper symbolic link handling.
  • 2026-06-01 — Patch released for sslh: Ubuntu provided updated package versions for sslh across affected releases to address the vulnerability.

Related entities

  • T1068 - Exploitation for Privilege Escalation (Mitre Attack)
  • Linux (Platform)
  • Ubuntu (Company)
  • Sslh Vulnerability (Vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed