CVE-2009-4135

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
References
Link Resource
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 Issue Tracking Patch
http://marc.info/?l=oss-security&m=126030454503441&w=2 Mailing List Patch Third Party Advisory
http://secunia.com/advisories/37645
http://secunia.com/advisories/37860
http://secunia.com/advisories/62226
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
http://www.openwall.com/lists/oss-security/2009/12/08/4 Mailing List Third Party Advisory
http://www.osvdb.org/60853
http://www.securityfocus.com/bid/37256 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2473-1 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3453 Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=545439 Issue Tracking Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54673
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html Third Party Advisory
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 Issue Tracking Patch
http://marc.info/?l=oss-security&m=126030454503441&w=2 Mailing List Patch Third Party Advisory
http://secunia.com/advisories/37645
http://secunia.com/advisories/37860
http://secunia.com/advisories/62226
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
http://www.openwall.com/lists/oss-security/2009/12/08/4 Mailing List Third Party Advisory
http://www.osvdb.org/60853
http://www.securityfocus.com/bid/37256 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2473-1 Third Party Advisory
http://www.vupen.com/english/advisories/2009/3453 Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=545439 Issue Tracking Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54673
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:gnu:coreutils:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.91:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.92:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.93:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.94:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.95:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.96:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.97:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:8.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type Values Removed Values Added
References () http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 - Issue Tracking, Patch () http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 - Issue Tracking, Patch
References () http://marc.info/?l=oss-security&m=126030454503441&w=2 - Mailing List, Patch, Third Party Advisory () http://marc.info/?l=oss-security&m=126030454503441&w=2 - Mailing List, Patch, Third Party Advisory
References () http://secunia.com/advisories/37645 - () http://secunia.com/advisories/37645 -
References () http://secunia.com/advisories/37860 - () http://secunia.com/advisories/37860 -
References () http://secunia.com/advisories/62226 - () http://secunia.com/advisories/62226 -
References () http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html - () http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html -
References () http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html - () http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html -
References () http://www.openwall.com/lists/oss-security/2009/12/08/4 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2009/12/08/4 - Mailing List, Third Party Advisory
References () http://www.osvdb.org/60853 - () http://www.osvdb.org/60853 -
References () http://www.securityfocus.com/bid/37256 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/37256 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-2473-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-2473-1 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2009/3453 - Permissions Required () http://www.vupen.com/english/advisories/2009/3453 - Permissions Required
References () https://bugzilla.redhat.com/show_bug.cgi?id=545439 - Issue Tracking, Patch () https://bugzilla.redhat.com/show_bug.cgi?id=545439 - Issue Tracking, Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/54673 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/54673 -
References () https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html - Third Party Advisory
References () https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html - Third Party Advisory

Information

Published : 2009-12-11 16:30

Updated : 2024-11-21 01:08


NVD link : CVE-2009-4135

Mitre link : CVE-2009-4135

CVE.ORG link : CVE-2009-4135


JSON object : View

Products Affected

fedoraproject

  • fedora

gnu

  • coreutils

canonical

  • ubuntu_linux
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')