Description
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.8 | Impact: 5.2
Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
Affected Packages
1 package
Vulnerability Details
CVEList: CVE-2017-18018: In GNU Coreutils through 8 (2018-01-04)
OSV: CVE-2017-18018: In GNU Coreutils through 8 (2018-01-04)
Vendor Advisories
Red Hat: coreutils: race condition vulnerability in chown and chgrp (2017-12-20)
Debian: CVE-2017-18018: coreutils - In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent ... (2017)
Community
Bugzilla: CVE-2017-18018 coreutils: race condition vulnerability in chown and chgrp [fedora-all] (2018-01-08)
Bugzilla: CVE-2017-18018 coreutils: race condition vulnerability in chown and chgrp (2018-01-08)