uutils coreutils mkfifo TOCTOU Race Condition Vulnerability
Vulnerability
A Time-of-Check to Time-of-Use (TOCTOU) race condition has been identified in the mkfifo utility of uutils coreutils. This vulnerability arises because mkfifo creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can exploit this by replacing the newly created FIFO with a symbolic link to an arbitrary file before the chmod operation is applied. This could lead to unauthorized modifications, such as changing the permissions of sensitive files, and potentially allow privilege escalation if mkfifo is executed with elevated rights.
Impact
Winning the race lets a local attacker manipulate file permissions in a way that could escalate privileges, especially if the affected utility is run with elevated rights.
Reproduction
The vulnerability can be reproduced by first creating a symbolic link to a sensitive file, such as /etc/shadow, in the same directory where mkfifo will create a FIFO. Then, while the symbolic link is in place, execute mkfifo with the desired permissions. After the FIFO is created, the chmod operation will inadvertently apply to the linked file instead, changing its permissions.
Remediation
Users are advised to update to the latest version of uutils coreutils, where this vulnerability has been addressed.
