CVE-2017-18018
Publication date 4 January 2018
Last updated 24 July 2024
Ubuntu priority
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| coreutils | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Ignored documentation patch only | |
| 16.04 LTS xenial | Ignored documentation patch only | |
| 14.04 LTS trusty | Ignored documentation patch only |
Notes
ccdm94
It seems like this will not be fixed upstream (due to the nature of the chown and chgrp utilities), the available patch being a documentation change to warn users about insecure software behavior when certain options are used together in chown and chgrp. For this reason, we will not be fixing this issue in releases where it would be needed. These will be marked as ignored.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.7 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
References
Other references
- http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
- http://www.openwall.com/lists/oss-security/2018/01/04/3
- https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
- https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
- https://www.cve.org/CVERecord?id=CVE-2017-18018