漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
uutils coreutils Path-Based Safety Bypass with --preserve-root
Vulnerability Description
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a symbolic link that resolves to the root directory (e.g., /tmp/rootlink -> /), potentially leading to the unintended recursive deletion of the entire root filesystem.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
uutils coreutils 后置链接漏洞
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在后置链接漏洞,该漏洞源于rm实用程序允许绕过--preserve-root保护,实现使用路径字符串检查而非比较设备和inode号来识别根目录,攻击者或意外用户可通过使用解析为根目录的符号链接绕过此保护,可能导致意外递归删除整个根文件系统。
CVSS Information
N/A
Vulnerability Type
N/A