uutils coreutils mkdir Utility Permission Handling Vulnerability

Vulnerability

A vulnerability exists in the uutils coreutils mkdir utility, specifically in version 0.6.0, related to how directory permissions are managed when the -m flag is used. The utility initially creates a directory with default umask-derived permissions, typically 0755. It then attempts to change these permissions to the desired mode using a separate chmod system call. This process creates a temporary window in multi-user environments where the directory, intended to be private, is briefly accessible to other users. This flaw could potentially lead to unauthorized access to sensitive data.

Impact

Exploitation of this vulnerability could result in unauthorized access to data within directories that are meant to be private.

Reproduction

To reproduce this vulnerability, use the mkdir command with the -m flag to set specific permissions. Once the directory has been created with the default umask-derived permissions, check its permissions to confirm whether the requested mode has been applied. In version 0.6.0 of uutils coreutils, the permissions will initially reflect the default umask settings, creating a brief opportunity for other users to access the directory before the permissions are changed to the requested mode.
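The create-then-chmod sequence described above, next to a variant that passes the mode to mkdir(2) directly, as an added example that is not code from uutils coreutils or from this advisory. The function names, the scratch directory name and the hardened variant are assumptions made for illustration; the page does not say how the project fixed the issue.

```rust
use std::fs::{self, DirBuilder, Permissions};
use std::io;
use std::os::unix::fs::{DirBuilderExt, PermissionsExt};
use std::path::Path;

/// Permission bits of `path`, without file-type and special bits.
fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

/// Pattern from the advisory: create with defaults, chmod afterwards.
/// Returns (mode visible right after creation, final mode).
fn mkdir_then_chmod(path: &Path, mode: u32) -> io::Result<(u32, u32)> {
    fs::create_dir(path)?; // mkdir(2) with 0777 & ~umask, typically 0755
    let initial = mode_of(path)?; // what other users see during the window
    fs::set_permissions(path, Permissions::from_mode(mode))?;
    Ok((initial, mode_of(path)?))
}

/// Hardened variant (assumption): the requested mode goes to mkdir(2) itself,
/// so the directory never exists with bits outside `mode`.
fn mkdir_with_mode(path: &Path, mode: u32) -> io::Result<(u32, u32)> {
    DirBuilder::new().mode(mode).create(path)?; // mkdir(2) with mode & ~umask
    let initial = mode_of(path)?;
    // The umask can only have removed bits; this chmod restores them.
    fs::set_permissions(path, Permissions::from_mode(mode))?;
    Ok((initial, mode_of(path)?))
}

/// Runs both variants in a private scratch directory (constructed name).
fn demo(mode: u32) -> io::Result<((u32, u32), (u32, u32))> {
    let base = std::env::temp_dir().join(format!("mkdir-mode-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&base);
    DirBuilder::new().mode(0o700).create(&base)?;
    let racy = mkdir_then_chmod(&base.join("racy"), mode);
    let safe = mkdir_with_mode(&base.join("safe"), mode);
    fs::remove_dir_all(&base)?;
    Ok((racy?, safe?))
}

fn main() -> io::Result<()> {
    let (racy, safe) = demo(0o700)?;
    println!("mkdir then chmod: created {:04o}, final {:04o}", racy.0, racy.1);
    println!("mkdir with mode : created {:04o}, final {:04o}", safe.0, safe.1);
    Ok(())
}
```

Both variants end at the requested mode; the difference is the mode the directory carries between creation and chmod, which is the value to check when auditing a mkdir implementation.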

Remediation

Users can update to uutils coreutils version 0.6.0 or later, where this vulnerability has been addressed.

Added: Apr 22, 2026, 6:09 PM
Updated: Apr 22, 2026, 6:09 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 3.2
remediation: 7.7
relevance: 6.5
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.