Executive Summary

The vulnerability involves the nohup utility in uutils coreutils creating its default output file, nohup.out, without setting explicit restricted permissions.

As a result, the file inherits the system's umask-based permissions, which typically makes it world-readable (0644).

This means that in multi-user environments, any user on the system can read the contents of nohup.out, which captures the stdout and stderr output of commands.

This behavior differs from GNU coreutils, where nohup.out is created with owner-only permissions (0600), preventing other users from reading it.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unintended information disclosure in multi-user systems.

Since nohup.out files are world-readable, other users can access the output of commands run by different users.

This may expose sensitive or confidential information contained in the command outputs, potentially leading to privacy breaches or aiding attackers in gathering information about system activities.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking the permissions of the nohup.out files created by the nohup utility. Since the issue is that nohup.out files are created with world-readable permissions (typically 0644), you can look for such files and verify their permissions.

• Use the command: find / -name nohup.out -exec ls -l {} \; to locate all nohup.out files and display their permissions.
• Check if any nohup.out files have permissions that are more permissive than 0600, for example, 0644, which indicates the vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should restrict the permissions of existing nohup.out files to be owner-only (0600) to prevent other users from reading sensitive output.

• Run chmod 600 nohup.out on existing nohup.out files to restrict access.

Additionally, consider setting a stricter umask before running nohup commands to ensure newly created nohup.out files do not have world-readable permissions.

• Set umask 077 in your shell environment before running nohup.

Monitor updates from the uutils coreutils project for a fix that changes the default permissions of nohup.out to 0600, aligning with GNU coreutils behavior.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability causes the nohup utility to create output files with world-readable permissions, potentially exposing sensitive information to unauthorized users in multi-user environments.

This exposure of sensitive data could lead to non-compliance with data protection standards and regulations such as GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

By allowing other users to read command output that may contain sensitive data, the vulnerability increases the risk of unauthorized data disclosure, which is contrary to the confidentiality requirements mandated by these regulations.

Useful 0 Not Useful 0