{"id":"CVE-2017-18018","details":"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.","modified":"2026-04-16T06:25:50.032215384Z","published":"2018-01-04T04:29:00.190Z","references":[{"type":"REPORT","url":"http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/coreutils/coreutils","events":[{"introduced":"0"},{"last_affected":"27b2b19aa8d8b30b8cb4198b2f4b54568e10a35e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.29"}]}}],"versions":["COREUTILS-4_5_1","COREUTILS-4_5_10","COREUTILS-4_5_11","COREUTILS-4_5_12","COREUTILS-4_5_2","COREUTILS-4_5_3","COREUTILS-4_5_4","COREUTILS-4_5_5","COREUTILS-4_5_6","COREUTILS-4_5_7","COREUTILS-4_5_8","COREUTILS-4_5_9","COREUTILS-5_0","COREUTILS-5_0_1","COREUTILS-5_0_90","COREUTILS-5_0_91","COREUTILS-5_1_0","COREUTILS-5_1_1","COREUTILS-5_1_2","COREUTILS-5_1_3","COREUTILS-5_2_0","COREUTILS-5_2_1","COREUTILS-5_3_0","COREUTILS-5_90","COREUTILS-5_91","COREUTILS-5_92","COREUTILS-6_0","COREUTILS-6_1","COREUTILS-6_2","COREUTILS-6_3","COREUTILS-6_4","COREUTILS-6_5","COREUTILS-6_6","COREUTILS-6_7","CPPI-1_10","CPPI-1_11","CPPI-1_12","CPPI-1_8","CPPI-1_9","DU-FTS","FILEUTILS-3_12a","FILEUTILS-3_12f","FILEUTILS-3_12g","FILEUTILS-3_12j","FILEUTILS-3_12l","FILEUTILS-3_12m","FILEUTILS-3_12o","FILEUTILS-3_12p","FILEUTILS-3_12q","FILEUTILS-3_12r","FILEUTILS-3_12s","FILEUTILS-3_13","FILEUTILS-3_13b","FILEUTILS-3_13c","FILEUTILS-3_13e","FILEUTILS-3_13f","FILEUTILS-3_13g","FILEUTILS-3_13h","FILEUTILS-3_13k","FILEUTILS-3_14","FILEUTILS-3_14a","FILEUTILS-3_14b","FILEUTILS-3_15","FILEUTILS-3_15a","FILEUTILS-3_16","FILEUTILS-3_16g","FILEUTILS-3_16h","FILEUTILS-3_16i","FILEUTILS-3_16j","FILEUTILS-3_16k","FILEUTILS-3_16l","FILEUTILS-3_16m","FILEUTILS-3_16n","FILEUTILS-3_16o","FILEUTILS-3_16p","FILEUTILS-3_16q","FILEUTILS-3_16r","FILEUTILS-3_16s","FILEUTILS-3_16t","FILEUTILS-3_16u","FILEUTILS-3_16v","FILEUTILS-3_16w","FILEUTILS-3_16x","FILEUTILS-3_16z","FILEUTILS-3_8_3b","FILEUTILS-4_0","FILEUTILS-4_0-b2","FILEUTILS-4_0-b3","FILEUTILS-4_0-b4","FILEUTILS-4_0-b5","FILEUTILS-4_0-b6","FILEUTILS-4_0-b7","FILEUTILS-4_0-pre1","FILEUTILS-4_0_27","FILEUTILS-4_0_28","FILEUTILS-4_0_29","FILEUTILS-4_0_30","FILEUTILS-4_0_31","FILEUTILS-4_0_32","FILEUTILS-4_0_33","FILEUTILS-4_0_34","FILEUTILS-4_0_35","FILEUTILS-4_0_36","FILEUTILS-4_0_37","FILEUTILS-4_0_38","FILEUTILS-4_0_39","FILEUTILS-4_0_40","FILEUTILS-4_0_41","FILEUTILS-4_0_42","FILEUTILS-4_0_43","FILEUTILS-4_0_44","FILEUTILS-4_0_45","FILEUTILS-4_0d","FILEUTILS-4_0e","FILEUTILS-4_0f","FILEUTILS-4_0g","FILEUTILS-4_0h","FILEUTILS-4_0i","FILEUTILS-4_0j","FILEUTILS-4_0j-trial","FILEUTILS-4_0k","FILEUTILS-4_0l","FILEUTILS-4_0m","FILEUTILS-4_0n","FILEUTILS-4_0p","FILEUTILS-4_0q","FILEUTILS-4_0r","FILEUTILS-4_0s","FILEUTILS-4_0t","FILEUTILS-4_0u","FILEUTILS-4_0v","FILEUTILS-4_0w","FILEUTILS-4_0x","FILEUTILS-4_0y","FILEUTILS-4_0z","FILEUTILS-4_1","FILEUTILS-4_1-b1","FILEUTILS-4_1-b2","FILEUTILS-4_1-b3","FILEUTILS-4_1_1","FILEUTILS-4_1_10","FILEUTILS-4_1_11","FILEUTILS-4_1_2","FILEUTILS-4_1_3","FILEUTILS-4_1_4","FILEUTILS-4_1_5","FILEUTILS-4_1_6","FILEUTILS-4_1_7","FILEUTILS-4_1_8","FILEUTILS-4_1_9","ISDIGIT-bug-fix","SH-UTILS-1_12a","SH-UTILS-1_12d","SH-UTILS-1_12e","SH-UTILS-1_12f","SH-UTILS-1_12g","SH-UTILS-1_12o","SH-UTILS-1_12p","SH-UTILS-1_12r","SH-UTILS-1_12s","SH-UTILS-1_12t","SH-UTILS-1_13","SH-UTILS-1_14","SH-UTILS-1_14a","SH-UTILS-1_14b","SH-UTILS-1_15","SH-UTILS-1_15a","SH-UTILS-1_16","SH-UTILS-1_16a","SH-UTILS-1_16b","SH-UTILS-1_16c","SH-UTILS-1_16d","SH-UTILS-1_16f","SH-UTILS-1_16g","SH-UTILS-1_16h","SH-UTILS-1_16i","SH-UTILS-1_16j","SH-UTILS-1_16k","SH-UTILS-1_16l","SH-UTILS-1_16m","SH-UTILS-2_0","SH-UTILS-2_0_11","SH-UTILS-2_0_12","SH-UTILS-2_0_13","SH-UTILS-2_0_14","SH-UTILS-2_0_15","SH-UTILS-2_0a","SH-UTILS-2_0b","SH-UTILS-2_0c","SH-UTILS-2_0d","SH-UTILS-2_0e","SH-UTILS-2_0f","SH-UTILS-2_0g","SH-UTILS-2_0h","SH-UTILS-2_0i","SH-UTILS-2_0j","TEXTUTILS-1_12_2","TEXTUTILS-1_13","TEXTUTILS-1_13F","TEXTUTILS-1_13g","TEXTUTILS-1_13h","TEXTUTILS-1_13i","TEXTUTILS-1_13j","TEXTUTILS-1_13k","TEXTUTILS-1_14","TEXTUTILS-1_14a","TEXTUTILS-1_14b","TEXTUTILS-1_14c","TEXTUTILS-1_14d","TEXTUTILS-1_14e","TEXTUTILS-1_15","TEXTUTILS-1_16","TEXTUTILS-1_17","TEXTUTILS-1_18","TEXTUTILS-1_18a","TEXTUTILS-1_18b","TEXTUTILS-1_18c","TEXTUTILS-1_18d","TEXTUTILS-1_18e","TEXTUTILS-1_19","TEXTUTILS-1_19b","TEXTUTILS-1_19c","TEXTUTILS-1_19d","TEXTUTILS-1_19f","TEXTUTILS-1_19g","TEXTUTILS-1_19h","TEXTUTILS-1_19i","TEXTUTILS-1_19j","TEXTUTILS-1_19k","TEXTUTILS-1_19m","TEXTUTILS-1_19n","TEXTUTILS-1_19o","TEXTUTILS-1_19q","TEXTUTILS-1_19r","TEXTUTILS-1_20","TEXTUTILS-1_20a","TEXTUTILS-1_20b","TEXTUTILS-1_21","TEXTUTILS-1_21a","TEXTUTILS-1_22","TEXTUTILS-1_22a","TEXTUTILS-1_22c","TEXTUTILS-1_22d","TEXTUTILS-1_22f","TEXTUTILS-1_22g","TEXTUTILS-1_22h","TEXTUTILS-1_22i","TEXTUTILS-1_22j","TEXTUTILS-1_22k","TEXTUTILS-1_22l","TEXTUTILS-1_22m","TEXTUTILS-1_22n","TEXTUTILS-1_22o","TEXTUTILS-1_22p","TEXTUTILS-1_22q","TEXTUTILS-1_8b","TEXTUTILS-2_0","TEXTUTILS-2_0_10","TEXTUTILS-2_0_11","TEXTUTILS-2_0_12","TEXTUTILS-2_0_13","TEXTUTILS-2_0_14","TEXTUTILS-2_0_15","TEXTUTILS-2_0_16","TEXTUTILS-2_0_17","TEXTUTILS-2_0_18","TEXTUTILS-2_0_19","TEXTUTILS-2_0_20","TEXTUTILS-2_0_21","TEXTUTILS-2_0_22","TEXTUTILS-2_0_8","TEXTUTILS-2_0_9","TEXTUTILS-2_0a","TEXTUTILS-2_0b","TEXTUTILS-2_0c","TEXTUTILS-2_0e","TEXTUTILS-2_0f","TEXTUTILS-2_0g","TEXTUTILS-2_1","textutils-1_12_1","v4.5.1","v4.5.10","v4.5.11","v4.5.12","v4.5.2","v4.5.3","v4.5.4","v4.5.5","v4.5.6","v4.5.7","v4.5.8","v4.5.9","v5.0","v5.0.1","v5.0.90","v5.0.91","v5.1.0","v5.1.1","v5.1.2","v5.1.3","v5.2.0","v5.2.1","v5.3.0","v5.90","v5.91","v5.92","v6.0","v6.1","v6.10","v6.11","v6.12","v6.2","v6.3","v6.4","v6.5","v6.6","v6.7","v6.9.89","v6.9.90","v6.9.91","v6.9.92","v7.0","v7.1","v7.2","v7.3","v7.4","v7.5","v7.6","v8.0","v8.1","v8.10","v8.11","v8.12","v8.13","v8.14","v8.15","v8.16","v8.17","v8.18","v8.19","v8.2","v8.20","v8.21","v8.22","v8.23","v8.24","v8.25","v8.26","v8.27","v8.28","v8.29","v8.3","v8.4","v8.5","v8.6","v8.7","v8.8","v8.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18018.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}