uutils coreutils cp Information Disclosure Vulnerability via Race Condition
Vulnerability
A race condition allowing information disclosure has been identified in the cp utility of uutils coreutils. This vulnerability arises because destination files are initially created with umask-derived permissions, such as 0644, before being restricted to their final mode, like 0600. A local attacker can exploit this timing window to open the file and access its contents before the permissions are tightened. Once the file descriptor is obtained, it remains valid and readable, even after the permissions are modified, potentially exposing sensitive information.
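The two creation orders described above, side by side, as an added Rust example; it is not uutils' own code and does not claim to be the project's fix. The function names, file names and the 0600 target mode are assumptions for illustration, and the sample data is constructed.

```rust
use std::fs::{self, File, OpenOptions, Permissions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Permission bits of `path` (file-type bits of st_mode masked off).
fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o7777)
}

/// Racy order: create with the umask-derived mode, write, then chmod.
/// Returns (mode right after creation, final mode).
fn copy_then_chmod(dst: &Path, data: &[u8], mode: u32) -> io::Result<(u32, u32)> {
    let mut f = File::create(dst)?; // open(O_CREAT, 0666) & ~umask, e.g. 0644
    let at_create = mode_of(dst)?;
    f.write_all(data)?; // contents are on disk while the mode is still wide
    fs::set_permissions(dst, Permissions::from_mode(mode))?;
    Ok((at_create, mode_of(dst)?))
}

/// Hardened order: the file never exists with group/other access.
fn create_restricted_then_copy(dst: &Path, data: &[u8], mode: u32) -> io::Result<(u32, u32)> {
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true) // O_CREAT|O_EXCL: refuse a pre-existing path
        .mode(0o600) // owner-only from the creating syscall onward
        .open(dst)?;
    let at_create = mode_of(dst)?;
    f.write_all(data)?;
    // Apply the requested final mode on the open descriptor (fchmod).
    f.set_permissions(Permissions::from_mode(mode))?;
    Ok((at_create, mode_of(dst)?))
}

fn main() -> io::Result<()> {
    let dir = std::env::temp_dir().join(format!("cp-mode-demo-{}", std::process::id()));
    fs::create_dir(&dir)?;
    let secret = b"constructed sample secret\n";
    let racy = copy_then_chmod(&dir.join("racy"), secret, 0o600)?;
    let safe = create_restricted_then_copy(&dir.join("safe"), secret, 0o600)?;
    println!("chmod-after-create: {:o} -> {:o}", racy.0, racy.1);
    println!("restricted-at-open: {:o} -> {:o}", safe.0, safe.1);
    fs::remove_dir_all(&dir)
}
```

With a typical umask of 022 the first line printed shows the file starting at 644 before reaching 600, while the second starts at 600.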
Impact
Exploitation of this vulnerability could lead to unauthorized access to private or sensitive file contents, particularly in shared directories like /tmp.
Reproduction
The vulnerability can be reproduced by using the strace command to monitor the cp utility as it copies files. The trace reveals the timing window during which the file permissions are still permissive, which is the window the race condition depends on.
Remediation
Users can update to the latest version of uutils coreutils, where this vulnerability has been addressed.
