PT-2018-6614 · Gnu+2 · Gnu Coreutils+2

Michael Orlitzky

Publicado

2018-01-04

Atualizado

2019-01-08

CVE-2017-18018

CVSS v3.1

7.1

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: GNU Coreutils versions prior to 8.30

Description: The issue allows local users to modify the ownership of arbitrary files by leveraging a race condition when using the POSIX "-R -L" options in chown and chgrp. This occurs because chown-core.c does not prevent replacement of a plain file with a symlink.

Recommendations: For GNU Coreutils versions prior to 8.30, update to version 8.30 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the POSIX "-R -L" options in chown and chgrp until the update is applied.

Exploit

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2018-2970

CVE-2017-18018

ECHO-4077-4868-610E

MGASA-2019-0022

Produtos afetados

Alt Linux

Debian

Gnu Coreutils

PT-2018-6614 · Gnu+2 · Gnu Coreutils+2

CVE-2017-18018

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24