CVE-2017-18018

Published: 04/01/2018 Updated: 19/01/2018
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 170
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In GNU Coreutils up to and including 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

Vulnerable Product

gnu coreutils

Vendor Advisories

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition ...

Github Repositories

Phonito Security Docker Vulnerability Scanner. This action automates scanning Docker images for OS & library vulnerabilities. You will need a Phonito Security account, which you can get for free at phonito.io. Example output: Phonito Scan Complete! ============================================== 4 CVEs present image ==============================================

Free Docker Vulnerability Scanning for CI/CD integration