漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode
Vulnerability Description
A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership or group changes failed due to permission errors. This can lead to security misconfigurations where administrative scripts incorrectly assume that ownership has been successfully transferred across a directory tree.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
对函数返回值的检查不正确
Vulnerability Title
uutils coreutils 安全漏洞
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在安全漏洞,该漏洞源于chown和chgrp使用的ChownExecutor存在缺陷,导致实用程序在递归操作期间返回不正确的退出代码,最终退出代码仅由最后处理的文件决定,如果最后操作成功,即使先前的所有权或组更改因权限错误而失败,命令也返回0,可能导致安全配置错误,管理脚本错误地认为所有权已在目录树中成功转移。
CVSS Information
N/A
Vulnerability Type
N/A