Threat Advisory

Uutils Coreutils Vulnerability Allows File Overwrite

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in the rust/uu_install package, part of the uutils coreutils, affecting versions prior to 0.7.0. These flaws are Time-of-Check to Time-of-Use (TOCTOU) race conditions involving symlink manipulation during file installation and directory creation. An attacker with local access and write permissions to specific paths could exploit these issues to redirect privileged write operations. This poses a significant business risk as it allows for the arbitrary overwrite of system files, potentially leading to privilege escalation, system instability, or complete compromise of the host environment.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in the rust/uu_install package, part of the uutils coreutils, affecting versions prior to 0.7.0. These flaws are Time-of-Check to Time-of-Use (TOCTOU) race conditions involving symlink manipulation during file installation and directory creation. An attacker with local access and write permissions to specific paths could exploit these issues to redirect privileged write operations. This poses a significant business risk as it allows for the arbitrary overwrite of system files, potentially leading to privilege escalation, system instability, or complete compromise of the host environment.[emaillocker id="1283"]

  • CVE-2026-35356 with a CVSS score of 6.3 – A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists when using the -D flag, allowing an attacker to replace a path component with a symbolic link between directory creation and file writing operations. By exploiting this race condition, an attacker with concurrent write access can redirect privileged writes to arbitrary file system locations.
    • CVE-2026-35355 with a CVSS score of 6.3 – A TOCTOU race condition occurs during file installation because the utility unlinks a destination file and recreates it without the O_EXCL flag. A local attacker can exploit this window to swap the path with a symbolic link, enabling the overwrite of sensitive system files with attacker-controlled content.

Successful exploitation of these vulnerabilities could result in severe integrity and availability impacts, including the modification of critical system files. The ability to overwrite arbitrary files creates a pathway for privilege escalation and persistent access within the environment. Organizations using affected versions should treat these findings with high urgency due to the potential for complete system compromise.

RECOMMENDATION:

  • We recommend you to update rust uu_install to version 0.7.0.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-gwm6-q8ch-hcfr
https://github.com/advisories/GHSA-239g-2685-54x3

[/emaillocker]
crossmenu