CVE-2009-4135

Published: Dec 11, 2009Modified: Apr 23, 2026

4.4

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 3.4 / Impact: 6.4

Source: NVD

Description

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

Affected (31)

Products: Canonical: Ubuntu Linux · Gnu: Coreutils · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04

Configuration B

26 vulnerable

Vulnerable Software	Affected Versions
Gnu Coreutils	Version 5.2.1
Gnu Coreutils	Version 5.91
Gnu Coreutils	Version 5.92
Gnu Coreutils	Version 5.93
Gnu Coreutils	Version 5.94
Gnu Coreutils	Version 5.95
Gnu Coreutils	Version 5.96
Gnu Coreutils	Version 5.97
Gnu Coreutils	Version 6.10
Gnu Coreutils	Version 6.11
Gnu Coreutils	Version 6.12
Gnu Coreutils	Version 6.2
Gnu Coreutils	Version 6.3
Gnu Coreutils	Version 6.4
Gnu Coreutils	Version 6.5
Gnu Coreutils	Version 6.6
Gnu Coreutils	Version 6.7
Gnu Coreutils	Version 6.8
Gnu Coreutils	Version 6.9
Gnu Coreutils	Version 7.1
Gnu Coreutils	Version 7.2
Gnu Coreutils	Version 7.3
Gnu Coreutils	Version 7.4
Gnu Coreutils	Version 7.5
Gnu Coreutils	Version 7.6
Gnu Coreutils	Version 8.1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 11
Fedoraproject Fedora	Version 12

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (32)

http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5

Source: secalert@redhat.com

Issue TrackingPatch

http://marc.info/?l=oss-security&m=126030454503441&w=2

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://secunia.com/advisories/37645

Source: secalert@redhat.com

http://secunia.com/advisories/37860

Source: secalert@redhat.com

http://secunia.com/advisories/62226

Source: secalert@redhat.com

http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html

Source: secalert@redhat.com

http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2009/12/08/4

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.osvdb.org/60853

Source: secalert@redhat.com

http://www.securityfocus.com/bid/37256

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2473-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2009/3453

Source: secalert@redhat.com

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=545439

Source: secalert@redhat.com

Issue TrackingPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/54673

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html

Source: secalert@redhat.com

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html

Source: secalert@redhat.com

Third Party Advisory

http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

http://marc.info/?l=oss-security&m=126030454503441&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://secunia.com/advisories/37645

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37860

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62226

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2009/12/08/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.osvdb.org/60853

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/37256

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2473-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2009/3453

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=545439

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/54673

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.