漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
uutils coreutils cp Unexpected Privileged Executable Creation with -p
Vulnerability Description
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining original privileged bits, creating unexpected privileged executables that violate local security policies. This differs from GNU cp, which clears these bits when ownership cannot be preserved.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
权限预留不恰当
Vulnerability Title
uutils coreutils 安全漏洞
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在安全漏洞,该漏洞源于cp实用程序在所有权保留失败时未能正确处理setuid和setgid位,使用-p标志复制时,即使chown操作不成功,实用程序也会应用源模式位,可能导致用户拥有的副本保留原始特权位,创建违反本地安全策略的意外特权可执行文件,这与所有权无法保留时清除这些位的GNU cp不同。
CVSS Information
N/A
Vulnerability Type
N/A