VDB
DEBIAN-CVE-2017-18018
DEBIAN-CVE-2017-18018
PUBLISHED
CVSS 4.699999809265137 MEDIUM
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Risk Scores
CVSS v3.0
4.699999809265137
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | coreutils | 9.7-1, 0, 8.32-4 |
| Debian:14 | coreutils | 9.7-3, 9.10-1, 0 |
| Debian:12 | coreutils | 9.4-3.1, 9.10-1, 9.4-2 |
| Debian:13 | coreutils | 9.7-3, 9.10-1, 0 |
Timeline
- Jan 4, 2018 CVE Published
- Apr 28, 2026 CVE Updated