← Back

CVE-2009-3289

nvd nist
Published: Sep 22, 2009Modified: Apr 23, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.

Affected (4)

Gnome
1 product
Glib
Opensuse
1 product
Opensuse
Suse
1 product
Suse Linux Enterprise Server
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Glib
Version 2.0
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 11.0
Opensuse
Version 11.1
Suse Linux Enterprise Server
Version 11

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (12)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Permissions Required
Source: cve@mitre.org
ExploitIssue Tracking
Source: cve@mitre.org
ExploitIssue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue Tracking

Timeline

No history available yet.