The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 - Issue Tracking, Patch | |
References | () http://marc.info/?l=oss-security&m=126030454503441&w=2 - Mailing List, Patch, Third Party Advisory | |
References | () http://secunia.com/advisories/37645 - | |
References | () http://secunia.com/advisories/37860 - | |
References | () http://secunia.com/advisories/62226 - | |
References | () http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html - | |
References | () http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html - | |
References | () http://www.openwall.com/lists/oss-security/2009/12/08/4 - Mailing List, Third Party Advisory | |
References | () http://www.osvdb.org/60853 - | |
References | () http://www.securityfocus.com/bid/37256 - Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/USN-2473-1 - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2009/3453 - Permissions Required | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=545439 - Issue Tracking, Patch | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/54673 - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html - Third Party Advisory | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html - Third Party Advisory |
Information
Published : 2009-12-11 16:30
Updated : 2024-11-21 01:08
NVD link : CVE-2009-4135
Mitre link : CVE-2009-4135
CVE.ORG link : CVE-2009-4135
JSON object : View
Products Affected
fedoraproject
- fedora
gnu
- coreutils
canonical
- ubuntu_linux
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')