CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file

Brocade Fabric OS

21245

13 September 2022

13 September 2022

Closed

Low

Base Score: 4.7 - MEDIUM - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

N/A

CVE-2017-18018

Summary

Security Advisory ID: BSA-2022-2073

Component: GNU Coreutils

Revision: 1.0

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
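
The race arises when a path is examined at one moment and resolved again when ownership is changed. The following C code is an added example, not taken from this advisory or from coreutils; it shows the descriptor-based pattern that closes that window for a single directory entry. The names `chown_regular_nofollow` and `demo` are hypothetical, and the ELOOP check assumes Linux.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (added example, not coreutils code): chown `name` inside
 * directory fd `dirfd` only if it is a regular file. The type check and the
 * ownership change use one descriptor, so a symlink swapped in at `name`
 * after the open cannot redirect the change to another file. */
int chown_regular_nofollow(int dirfd, const char *name, uid_t uid, gid_t gid)
{
    /* O_NOFOLLOW: fail (ELOOP on Linux) if the final component is a symlink. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0) {
        if (S_ISREG(st.st_mode))
            rc = fchown(fd, uid, gid);   /* acts on the inode already opened */
        else
            errno = EINVAL;              /* not a plain file: refuse */
    }
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed self-check: a plain file is accepted, a symlink to it is refused. */
int demo(void)
{
    char dir[] = "/tmp/chown-demo-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    int d = open(dir, O_RDONLY | O_DIRECTORY);
    int f = openat(d, "plain", O_CREAT | O_WRONLY, 0600);
    if (d < 0 || f < 0) return -1;
    close(f);
    if (symlinkat("plain", d, "link") != 0) return -1;
    int ok = chown_regular_nofollow(d, "plain", geteuid(), getegid());
    int link = chown_regular_nofollow(d, "link", geteuid(), getegid());
    int refused = (link == -1 && errno == ELOOP);
    unlinkat(d, "link", 0); unlinkat(d, "plain", 0); close(d); rmdir(dir);
    return (ok == 0 && refused) ? 0 : 1;
}

int main(void) { int r = demo(); printf("demo: %s\n", r ? "FAIL" : "ok"); return r; }
```

The helper needs read permission on the file because it opens it before changing ownership.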

Affected Products

  • All versions of Brocade Fabric OS before v9.1.0

Products under investigation

  • Brocade Active Support Connectivity Gateway (ASC-G)

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.

Solution

Security update provided in Brocade Fabric OS v9.1.0 and later releases.

Revision History

| Version | Change | Date |
|---------|--------|------|
| 1.0 | Initial Publication | Sept 13, 2022 |