uutils coreutils chmod Path Traversal Bypass of --preserve-root

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbolic links to execute destructive recursive operations (e.g., chmod -R 000) on the entire root filesystem, leading to system-wide permission loss and potential complete system breakdown.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

对路径名的限制不恰当(路径遍历)

uutils coreutils 路径遍历漏洞

uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在路径遍历漏洞，该漏洞源于chmod实用程序允许用户绕过--preserve-root安全机制，实现仅验证目标路径是否为字面/且未规范化路径，攻击者或意外用户可使用/../或符号链接等路径变体在整个根文件系统上执行破坏性递归操作，导致系统范围权限丢失和潜在完全系统崩溃。

N/A

N/A