• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU Core Utilities Local Race Condition Vulnerability

It is reported that the mkdir, mknod, mkfifo utilities supplied with GNU Core Utilities 5.2.1 are affected by a race condition error that may allow an attacker to manipulate file permissions leading to various attacks.

Specifically, this issue arises if the attacker has write permissions to a directory where a user is executing mkdir, mknod, or mkfifo with the '-m' switch.

A successful attack can allow the attacker to manipulate file permissions and then carry out other attacks such as disclosing sensitive data, corruption of data and potential privilege escalation.

It is possible that this issue is similar to BID 12954 (BZip2 CHMod File Permission Modification Race Condition Weakness).