Compliance Impact

This vulnerability can lead to the creation of unexpected privileged executables due to improper handling of setuid and setgid bits when ownership preservation fails. Such privileged executables may violate local security policies.

While the CVE description does not explicitly mention compliance with standards like GDPR or HIPAA, the presence of unexpected privileged executables could potentially lead to unauthorized access or privilege escalation, which may impact compliance with security requirements in these regulations.

Useful 0 Not Useful 0

Executive Summary

The vulnerability exists in the cp utility of uutils coreutils. When copying files using the -p (preserve) flag, the utility attempts to preserve ownership and mode bits from the source file. However, if the ownership preservation (chown operation) fails, the utility still applies the source mode bits, including setuid and setgid bits, to the copied file.

This behavior can cause a copied file owned by a regular user to retain privileged bits, potentially creating executables with unexpected elevated privileges. This differs from the behavior of GNU cp, which clears these privileged bits if ownership cannot be preserved.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to security risks by allowing users to create files that unexpectedly retain setuid or setgid bits, granting elevated privileges unintentionally.

• Users may end up with executables that run with higher privileges than intended.
• This can violate local security policies and potentially allow privilege escalation.
• Attackers could exploit this to gain unauthorized access or perform actions with elevated rights.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the cp utility in uutils coreutils improperly handling setuid and setgid bits when copying files with the -p flag. Detection would involve checking for files that have unexpected setuid or setgid bits that should not be present, especially on user-owned copies.

You can detect potentially affected files by searching for files with setuid or setgid bits set that are owned by non-privileged users. For example, use the following commands:

• find / -user <username> \( -perm -4000 -o -perm -2000 \) -ls
• find / -perm /6000 -exec ls -l {} +

These commands look for files with setuid (4000) or setgid (2000) bits set. Reviewing such files for unexpected privilege bits can help identify if the vulnerability has been exploited.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, avoid using the vulnerable cp utility from uutils coreutils with the -p flag until a patch is available.

As a workaround, use the GNU cp utility which correctly clears setuid and setgid bits when ownership preservation fails.

Additionally, audit and remove any unexpected setuid or setgid bits on user-owned files that may have been created due to this issue.

Monitor for updates or patches from the vendor and apply them as soon as they become available.

Useful 0 Not Useful 0