uutils coreutils Safe Directory Traversal Vulnerability on Non-Linux Unix-like Systems
Vulnerability
A vulnerability exists in the safe_traversal module of uutils coreutils, which is designed to protect against Time-of-Check to Time-of-Use (TOCTOU) symlink races by using file-descriptor-relative syscalls. However, this protection is mistakenly restricted to Linux. On other Unix-like systems, such as macOS and FreeBSD, the utility does not apply these safeguards, leaving directory traversal operations exposed to symlink race vulnerabilities.
Impact
Exploitation of this vulnerability could lead to directory traversal issues, allowing for manipulation of files or directories through symlink races.
Reproduction
The vulnerability can be reproduced by using the coreutils utilities that perform directory traversal operations while the 'safe_traversal' protection is not applied. This can be done on a Unix-like system such as macOS or FreeBSD.
Remediation
Users can update to uutils coreutils version 0.6.0, which includes the necessary fix to expand safe directory traversal to all Unix platforms.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.