In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
-
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/coreutils | deb | debian | 12 | >=9.1-1 | Not yet available |
debian/coreutils | deb | debian | 10 | >=8.30-3 | Not yet available |
debian/coreutils | deb | debian | 13 | >=9.4-3.1 | Not yet available |
debian/coreutils | deb | debian | 11 | >=8.32-4 | Not yet available |
debian/coreutils | deb | debian | unstable | >=9.4-3.1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
1
-
1.0
0.8
-
-