The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if errors were encountered on previous files, such as 'Operation not permitted'. Scripts relying on these exit codes may proceed under a false sense of success while sensitive files remain with restrictive or incorrect permissions.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NUutils Coreutils
APPUutils< 0.6.0
Powiązane podatności
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility...
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing...
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mec...
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The u...
A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorre...