CVE-2009-4135

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-4135
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

4.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://marc.info/?l=oss-security&m=126030454503441&w=2 Mailing List Patch Third Party Advisory
http://www.osvdb.org/60853
https://bugzilla.redhat.com/show_bug.cgi?id=545439 Issue Tracking Patch
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 Issue Tracking Patch
http://www.securityfocus.com/bid/37256 Third Party Advisory VDB Entry
http://secunia.com/advisories/37645
http://www.vupen.com/english/advisories/2009/3453 Permissions Required
http://www.openwall.com/lists/oss-security/2009/12/08/4 Mailing List Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html Third Party Advisory
http://secunia.com/advisories/37860
http://secunia.com/advisories/62226
http://www.ubuntu.com/usn/USN-2473-1 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54673
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:gnu:coreutils:6.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.96:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.91:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:8.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.97:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.94:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.93:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.95:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:7.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:5.92:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:6.3:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
Information

Published : 2009-12-11 08:30

Updated : 2023-02-12 18:20

NVD link : CVE-2009-4135

Mitre link : CVE-2009-4135

JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa
Products Affected

canonical

  • ubuntu_linux

gnu

  • coreutils

fedoraproject

  • fedora