4.4
CVE-2009-4135
- EPSS 0.38%
- Veröffentlicht 11.12.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:06
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version10.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Fedoraproject ≫ Fedora Version11
Fedoraproject ≫ Fedora Version12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.294 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5
http://marc.info/?l=oss-security&m=126030454503441&w=2
http://secunia.com/advisories/37645
http://secunia.com/advisories/37860
http://secunia.com/advisories/62226
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
http://www.openwall.com/lists/oss-security/2009/12/08/4
http://www.osvdb.org/60853
http://www.securityfocus.com/bid/37256
http://www.ubuntu.com/usn/USN-2473-1
http://www.vupen.com/english/advisories/2009/3453
https://bugzilla.redhat.com/show_bug.cgi?id=545439
https://exchange.xforce.ibmcloud.com/vulnerabilities/54673
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html