CVE-2009-4135 - Improper Link Resolution Before File Access ('Link Following')

Severity

44%

Complexity

34%

Confidentiality

106%

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 15 years ago

2009-12-11 16:30:00

Last updated 7 years ago

2017-08-17 01:31:00

Affected Software

Canonical Ubuntu Linux 10.04 LTS

10.04

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

GNU Coreutils 5.2.1

5.2.1

GNU Coreutils 5.91

5.91

GNU Coreutils 5.92

5.92

GNU Coreutils 5.93

5.93

GNU Coreutils 5.94

5.94

GNU Coreutils 5.95

5.95

GNU Coreutils 5.96

5.96

GNU Coreutils 5.97

5.97

GNU Coreutils 6.2

6.2

GNU Coreutils 6.3

6.3

GNU Coreutils 6.4

6.4

GNU Coreutils 6.5

6.5

GNU Coreutils 6.6

6.6

GNU Coreutils 6.7

6.7

GNU Coreutils 6.8

6.8

GNU Coreutils 6.9

6.9

GNU Coreutils 6.10

6.10

GNU Coreutils 6.11

6.11

GNU Coreutils 6.12

6.12

GNU Coreutils 7.1

7.1

GNU Coreutils 7.2

7.2

GNU Coreutils 7.3

7.3

GNU Coreutils 7.4

7.4

GNU Coreutils 7.5

7.5

GNU Coreutils 7.6

7.6

GNU Coreutils 8.1

8.1

Fedora 11

11

Fedora 12

12

References

http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5

Issue Tracking, Patch

[oss-security] 20091208 Re: CVE Request -- coreutils -- unsafe temporary directory location use

Mailing List, Patch, Third Party Advisory

37645

37860

62226

[bug-coreutils] 20091208 Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind

Mailing List, Patch

[bug-coreutils] 20091209 [PATCH] doc: NEWS: mention the "make distcheck" vulnerability

Mailing List, Patch

[oss-security] 20091208 CVE Request -- coreutils -- unsafe temporary directory location use

Mailing List, Third Party Advisory

60853

37256

Third Party Advisory, VDB Entry

USN-2473-1

Third Party Advisory

ADV-2009-3453

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=545439

Issue Tracking, Patch

gnu-core-distcheck-symlink(54673)

FEDORA-2009-13216

Third Party Advisory

FEDORA-2009-13181

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.