CVE-2002-0435

Severity

12%

Complexity

19%

Confidentiality

48%

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

CVSS 2.0 Base Score 1.2. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N).

Overview

Type

GNU Fileutils

First reported 22 years ago

2002-07-26 04:00:00

Last updated 16 years ago

2008-09-05 20:28:00

Affected Software

GNU Fileutils 4.0

4.0

GNU Fileutils 4.1

4.1

GNU Fileutils 4.1.6

4.1.6

References

CSSA-2002-018.1

Patch, Vendor Advisory

http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html

gnu-fileutils-race-condition(8432)

Patch, Vendor Advisory

MDKSA-2002:031

RHSA-2003:015

RHSA-2003:016

20020310 GNU fileutils - recursive directory removal race condition

Vendor Advisory

4266

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.