[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18018/coreutils
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 4 17:10:12 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c344c58b by Salvatore Bonaccorso at 2018-01-04T18:08:15+01:00
Add CVE-2017-18018/coreutils
This item should probably be marked as unimportant.
https://lists.gnu.org/archive/html/coreutils/2017-12/msg00071.html
> On 12/28/2017 04:36 PM, Michael Orlitzky wrote:
>
> Does anyone mind if I reserve a CVE for this?
>
>
> Of course not - but I doubt that we can do much about it:
> the chown(1) binary is just a wrapper around chown(2)/lchown(2),
> so whatever (other) utility uses these system calls in a recursive
> way will be prone to that trap.
>
> I think the best way to handle this is to keep teaching sysadmins
> to avoid the --dereference option together with -R; usually
> "chown -R" with the default -P is probably good enough.
>
> It would probably be good to add a clarifying sentence to the Texinfo
> documentation. Would you like to propose a sentence?
Will just be fixed by clarifying documentation about security risk.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -267,7 +267,12 @@ CVE-2017-18020 (On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) softwa
CVE-2017-18019 (In K7 Total Security before 15.1.0.305, user-controlled input to the ...)
NOT-FOR-US: K7 Total Security
CVE-2017-18018 (In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not ...)
- TODO: check
+ - coreutils <unfixed>
+ NOTE: http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
+ NOTE: http://www.openwall.com/lists/oss-security/2018/01/04/3
+ NOTE: Documentation patches proposed:
+ NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
+ NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
CVE-2018-5078 (Online Ticket Booking has XSS via the admin/eventlist.php cast ...)
NOT-FOR-US: Online Ticket Booking
CVE-2018-5077 (Online Ticket Booking has XSS via the admin/movieedit.php moviename ...)
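Review bot: the new `- coreutils <unfixed>` line does not carry the severity the commit message itself argues for ("should probably be marked as unimportant"); in tracker syntax that would be `- coreutils <unfixed> (unimportant)`, and since the fix is documentation-only that tag belongs on the entry rather than only in the commit message. Two smaller points on the NOTE lines: the first reference uses `http://lists.gnu.org/...` while the later ones use `https://`, so the scheme should be made consistent, and the msg00071 thread link quoted in the commit message is not recorded as a NOTE even though it is the message that justifies the severity assessment.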
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c344c58b5b43178b0c3bb6d5fd4011cef2a5e329