Brocade Fabric OS update for GNU Coreutils

Published: 2022-09-19
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2017-18018
Exploitation vector Local
Public exploit N/A
Vulnerable software
Brocade Fabric OS
Operating systems & Components / Operating system

Vendor Brocade

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Race condition

EUVDB-ID: #VU33153

Risk: Low


CVE-ID: CVE-2017-18018

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No


The vulnerability allows a local authenticated user to manipulate data.

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.


Install update from vendor's website.

Vulnerable software versions

Brocade Fabric OS: before 9.1.0

before 9.1.0
CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?