uutils coreutils mv Utility TOCTOU Race Condition Vulnerability

Vulnerability

A Time-of-Check to Time-of-Use (TOCTOU) race condition has been identified in the mv utility of uutils coreutils, specifically during cross-device operations. The vulnerability arises because the utility removes the destination path and then recreates it through a copy operation, leaving a window between the two steps. A local attacker with write access to the destination directory can exploit this timing issue by replacing the destination with a symbolic link inside that window. When the privileged move operation is performed, the copy follows the symlink, allowing the attacker to redirect the write operation and overwrite an arbitrary target file with the contents of the source.

Impact

Exploitation of this vulnerability allows for unauthorized overwriting of files, potentially leading to data loss or corruption.

Reproduction

The vulnerability can be reproduced by creating a source file on one filesystem and a target file on another, along with a sensitive file that only root can access. After setting up these files, a script can be run to continuously replace the target file with a symlink to the sensitive file. Meanwhile, another script can be executed to repeatedly move the source file to the target location, exploiting the race condition to overwrite the sensitive file with data from the source file.
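The two move strategies described above, as an added illustration written for this page (it is not uutils code and does not reproduce the project's actual implementation). The first function is the delete-then-copy shape the advisory describes; its `between` parameter is an assumed hook that stands in for whatever else runs on the system between the unlink and the copy, so the interleaving from the Reproduction section can be exercised deterministically. The second function is the defensive shape: the data is copied into a freshly created temporary file in the destination directory and then renamed over the destination, so a symlink planted at the destination is replaced rather than followed. File names and contents are constructed; the code is Unix-only.

```rust
// Added illustration (not uutils code): a delete-then-copy cross-device move
// next to a copy-to-temp-then-rename move that leaves no window for a planted
// destination symlink to be followed. Unix-only (uses std::os::unix).
use std::fs;
use std::io;
use std::os::unix::fs::symlink;
use std::path::{Path, PathBuf};
use std::process;
use std::time::{SystemTime, UNIX_EPOCH};

/// Vulnerable shape from the advisory: unlink the destination, then copy into
/// that path. `between` (an assumed hook for this demo) stands in for whatever
/// else runs on the system between the two steps; if the destination has
/// meanwhile become a symlink, `fs::copy` opens it without O_NOFOLLOW and
/// writes to the link target.
pub fn move_delete_then_copy<F: FnOnce()>(src: &Path, dst: &Path, between: F) -> io::Result<()> {
    if dst.symlink_metadata().is_ok() {
        fs::remove_file(dst)?; // removes a symlink itself, not its target
    }
    between();
    fs::copy(src, dst)?; // follows a symlink sitting at dst
    fs::remove_file(src)
}

/// Hardened shape: write the data into a fresh, uniquely named file in the
/// destination's directory (same filesystem as dst), then rename(2) it over the
/// destination. rename replaces the directory entry itself, so a symlink at dst
/// is replaced rather than followed, and the data is written through the
/// descriptor of the file this process created, never through a path lookup.
pub fn move_copy_then_rename(src: &Path, dst: &Path) -> io::Result<()> {
    fn discard(tmp: &Path, e: io::Error) -> io::Error {
        let _ = fs::remove_file(tmp);
        e
    }
    let mut inp = fs::File::open(src)?;
    let dir = match dst.parent() {
        Some(p) if !p.as_os_str().is_empty() => p,
        _ => Path::new("."),
    };
    let tmp = unique_temp_path(dir, ".mvtmp");
    // O_CREAT|O_EXCL: fails with EEXIST if anything, including a symlink, is at tmp
    let mut out = fs::OpenOptions::new().write(true).create_new(true).open(&tmp)?;
    io::copy(&mut inp, &mut out).map_err(|e| discard(&tmp, e))?;
    out.sync_all().map_err(|e| discard(&tmp, e))?;
    drop(out);
    fs::rename(&tmp, dst).map_err(|e| discard(&tmp, e))?;
    fs::remove_file(src)
}

fn unique_temp_path(dir: &Path, prefix: &str) -> PathBuf {
    let nanos = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .map(|d| d.as_nanos())
        .unwrap_or(0);
    dir.join(format!("{}.{}.{}", prefix, process::id(), nanos))
}

/// Constructed scenario matching the advisory's reproduction: a source file, a
/// "sensitive" file, and a destination that has already been replaced with a
/// symlink to the sensitive file. Returns (src, dst, sensitive).
pub fn setup_scenario(dir: &Path) -> (PathBuf, PathBuf, PathBuf) {
    fs::create_dir_all(dir).expect("create scenario directory");
    let src = dir.join("source.txt");
    let dst = dir.join("target.txt");
    let sensitive = dir.join("sensitive.txt");
    fs::write(&src, "payload\n").expect("write source");
    fs::write(&sensitive, "secret\n").expect("write sensitive");
    symlink(&sensitive, &dst).expect("plant symlink at destination");
    (src, dst, sensitive)
}

fn main() -> io::Result<()> {
    let base = std::env::temp_dir().join(format!("mv_toctou_demo_{}", process::id()));
    let (src, dst, sensitive) = setup_scenario(&base);
    move_copy_then_rename(&src, &dst)?;
    println!("sensitive still reads {:?}", fs::read_to_string(&sensitive)?);
    println!(
        "destination is a regular file: {}",
        fs::symlink_metadata(&dst)?.file_type().is_file()
    );
    fs::remove_dir_all(&base)
}
```

The hardened function covers only the regular-file case; a real mv also has to handle directories, ownership and timestamp preservation, and cleanup on partial failure. An attacker who can write the destination directory can still replace the final file after the rename, but can no longer redirect the utility's own write through a symlink, which is the defect this advisory describes.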

Added: Apr 22, 2026, 5:58 PM
Updated: Apr 22, 2026, 5:58 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  4.0
  remediation     0.0
  relevance       6.5
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.