CVSS2: 1.9 Low

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 4.7 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.0004 Low (Percentile: 5.1%)

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not
prevent replacement of a plain file with a symlink during use of the POSIX
“-R -L” options, which allows local users to modify the ownership of
arbitrary files by leveraging a race condition.
Author | Note |
---|---|
ccdm94 | It seems like this will not be fixed upstream (due to the nature of the chown and chgrp utilities), the available patch being a documentation change to warn users about insecure software behavior when certain options are used together in chown and chgrp. For this reason, we will not be fixing this issue in releases where it would be needed. These will be marked as ignored. |
lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
www.openwall.com/lists/oss-security/2018/01/04/3
launchpad.net/bugs/cve/CVE-2017-18018
lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
nvd.nist.gov/vuln/detail/CVE-2017-18018
security-tracker.debian.org/tracker/CVE-2017-18018
www.cve.org/CVERecord?id=CVE-2017-18018