Brocade Fabric OS update for GNU Coreutils



Published: 2022-09-19
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2017-18018
CWE-ID: CWE-362
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Brocade Fabric OS (Operating systems & Components / Operating system)
Vendor: Brocade

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Race condition

EUVDB-ID: #VU33153

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-18018

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local authenticated user to manipulate data.

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Brocade Fabric OS: before 9.1.0

External links

http://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2073

Q & A

Can this vulnerability be exploited remotely?

Is there known malware that exploits this vulnerability?


