GNU coreutils mkdir -m Switch Arbitrary File Permission Modification
Local Access Required
Loss of Integrity
GNU coreutils contains a race condition flaw in the 'mkdir' command when running with the '-m' command line switch between the time a directory is created and specified permissions are set. It is possible for a local attacker during the time gap to replace a created directory with a hard-link to an arbitrary file, causing permissions to be set for this.
It has been reported that this issue has been fixed. Upgrade to version 5.90, or higher, to address this vulnerability.
Discovery is credited to Imran Ghory <email@example.com>.
GNU Coreutils 5.2.1
It is reported that the mkdir, mknod, mkfifo utilities supplied with GNU Core Utilities 5.2.1 are affected by a race condition error that may allow an attacker to manipulate file permissions leading to various attacks.
Specifically, this issue arises if the attacker has write permissions to a directory where a user is executing mkdir, mknod, or mkfifo with the '-m' switch.
A successful attack can allow the attacker to manipulate file permissions and then carry out other attacks such as disclosing sensitive data, corruption of data and potential privilege escalation.
It is possible that this issue is similar to BID 12954 (BZip2 CHMod File Permission Modification Race Condition Weakness).
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.