CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file
21245
13 September 2022
13 September 2022
Closed
Low
Base Score: 4.7 - MEDIUM -CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
N/A
CVE-2017-18018
Summary Security Advisory ID : BSA-2022-2073 Component : GNU Coreutils Revision : 1.0
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Affected Products
- All versions of Brocade Fabric OS before v9.1.0
Products under investigation
- Brocade Active Support Connectivity Gateway (ASC-G)
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel Products from Broadcom products are known to be affected by this vulnerability.
Solution
Security update provided in Brocade Fabric OS v9.1.0 and later releases.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | Sept 13, 2022 |