[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-4135Date: (C)2009-12-11   (M)2023-12-22


The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-37256
SECUNIA-37645
SECUNIA-37860
OSVDB-60853
SECUNIA-62226
ADV-2009-3453
FEDORA-2009-13181
FEDORA-2009-13216
USN-2473-1
http://www.openwall.com/lists/oss-security/2009/12/08/4
http://marc.info/?l=oss-security&m=126030454503441&w=2
gnu-core-distcheck-symlink(54673)
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
https://bugzilla.redhat.com/show_bug.cgi?id=545439

CWE    1
CWE-59
OVAL    4
oval:org.secpod.oval:def:25783
oval:org.secpod.oval:def:101874
oval:org.secpod.oval:def:300141
oval:org.secpod.oval:def:102453
...

© SecPod Technologies