CVE-2017-18018
Published: August 31, 2023Last modified: July 22, 2025
Description
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | coreutils | Not affected (9.1-r1) |
| Stream | coreutils | Not affected (9.3-r7) | |
| Hardened Containers | 23 LTS | coreutils | Not affected (9.1-r1) |
| Stream | coreutils | Not affected (9.3-r7) |