{"id":"UBUNTU-CVE-2017-18018","details":"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.","modified":"2025-10-24T04:46:38Z","published":"2018-01-04T04:29:00Z","upstream":["CVE-2017-18018"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-18018"},{"type":"REPORT","url":"http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2018/01/04/3"},{"type":"REPORT","url":"https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html"},{"type":"REPORT","url":"https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-18018"}],"affected":[{"package":{"name":"coreutils","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/coreutils@8.21-1ubuntu5.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.20-3ubuntu5","8.21-1ubuntu3","8.21-1ubuntu4","8.21-1ubuntu5","8.21-1ubuntu5.1","8.21-1ubuntu5.3","8.21-1ubuntu5.4"],"ecosystem_specific":{"binaries":[{"binary_version":"8.21-1ubuntu5.4","binary_name":"coreutils"},{"binary_version":"8.21-1ubuntu5.4","binary_name":"mktemp"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-18018.json"}},{"package":{"name":"coreutils","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/coreutils@8.25-2ubuntu3~16.04?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.23-4ubuntu2","8.25-2ubuntu2","8.25-2ubuntu3~16.04"],"ecosystem_specific":{"binaries":[{"binary_version":"8.25-2ubuntu3~16.04","binary_name":"coreutils"},{"binary_version":"8.25-2ubuntu3~16.04","binary_name":"mktemp"},{"binary_version":"8.25-2ubuntu3~16.04","binary_name":"realpath"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-18018.json"}},{"package":{"name":"coreutils","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/coreutils@8.28-1ubuntu1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.26-3ubuntu4","8.28-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"8.28-1ubuntu1","binary_name":"coreutils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-18018.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"low"}]}