Описание
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | not-affected | 8.32-4ubuntu3 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | ignored | documentation patch only |
| esm-infra/bionic | ignored | documentation patch only |
| esm-infra/focal | not-affected | 8.30-3ubuntu2 |
| esm-infra/xenial | ignored | documentation patch only |
Показывать по
Ссылки на источники
EPSS
1.9 Low
CVSS2
7.1 High
CVSS3
Связанные уязвимости
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does no ...
EPSS
1.9 Low
CVSS2
7.1 High
CVSS3