CVE
CVE-2017-18018
| CVE ID |
CVE-2017-18018
|
|---|---|
| CVSS Score |
7.1
|
| Operating System | |
| Affected Versions |
CentOS 7
|
| Patched Versions |
coreutils-8.22-24_ol001.el7.2
|
| Patch Date |
|
| Last Updated Date |
|
| Vector String |
Additional Information
OL CVE Issue Summary:chown in GNU coreutils is vulnerable to a race condition when using the POSIX
"-R -L" options to follow symlinks recursively.
In the presence of symlinks, the recursive directory traversal is not guaranteed
to be performed depth-first. As a result, the "new owner" may be able to
introduce a symlink at a point in the traversal that has yet to be reached.
When it is reached, chown will be performed on the target of that symlink --
a situation that is often exploitable to gain root privileges.
chgrp is implemented with chown and is vulnerable in the same way when used
on group-writable paths.