漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
uutils coreutils mv Silent Ownership Loss in Cross-Device Operations
Vulnerability Description
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and migrations, causing files moved by a privileged user (e.g., root) to become root-owned unexpectedly, which can lead to information disclosure or restricted access for the intended owners.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
权限预留不恰当
Vulnerability Title
uutils coreutils 安全漏洞
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在安全漏洞,该漏洞源于mv实用程序在不同文件系统边界移动时未能保留文件所有权,实用程序回退到复制和删除例程,使用调用者的UID/GID而非源的元数据创建目标文件,此缺陷破坏备份和迁移,导致特权用户移动的文件意外变为root所有,可能造成信息泄露或限制预期所有者的访问。
CVSS Information
N/A
Vulnerability Type
N/A