CVE-2017-18018
- Reference to the description:
- Description:
- In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
- Last updated date:
- 01/19/2018
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/19/2018
- Reference url to background
http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html