Описание
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Отчет
For this vulnerability the fix was an update to the documentation. For more details please visit: https://www.openwall.com/lists/oss-security/2018/01/04/3 http://michael.orlitzky.com/cves/cve-2017-18018.xhtml Red Hat Enterprise Linux 8 ships already updated version of the coreutils package (version 8.30).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | coreutils | Will not fix | ||
| Red Hat Enterprise Linux 5 | coreutils | Will not fix | ||
| Red Hat Enterprise Linux 6 | coreutils | Will not fix | ||
| Red Hat Enterprise Linux 7 | coreutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | coreutils | Not affected |
Показывать по
Дополнительная информация
Статус:
4.2 Medium
CVSS3
Связанные уязвимости
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does no ...
4.2 Medium
CVSS3