漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
uutils coreutils chcon Security Bypass and Mandatory Access Control (MAC) Inconsistency via TOCTOU Race Condition
Vulnerability Description
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup (via fts_accpath) rather than binding the traversal and label application to the specific directory state encountered during traversal. Because these operations are not anchored to file descriptors, a local attacker with write access to a directory tree can exploit timing-sensitive rename or symbolic link races to redirect a privileged recursive relabeling operation to unintended files or directories. This vulnerability breaks the hardening expectations for SELinux administration workflows and can lead to the unauthorized modification of security labels on sensitive system objects.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
uutils coreutils 安全漏洞
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在安全漏洞,该漏洞源于chcon递归操作中存在检查时间到使用时间竞争条件,可能导致本地攻击者利用重命名或符号链接竞争,将特权递归重新标记操作重定向到意外文件或目录,从而未经授权修改敏感系统对象的安全标签。
CVSS Information
N/A
Vulnerability Type
N/A