MDVSA-2009:345 -- Mandriva aclID: oval:org.secpod.oval:def:300786 | Date: (C)2012-01-07 (M)2021-09-11 |
Class: PATCH | Family: unix |
A vulnerability was discovered and corrected in acl: The setfacl and getfacl commands in XFS acl 2.2.47, when running in recursive mode, follow symbolic links even when the --physical or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack . This update provides a fix for this vulnerability.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |