fkie_cve-2009-4135
Vulnerability from fkie_nvd
Published
2009-12-11 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| gnu | coreutils | 5.2.1 | |
| gnu | coreutils | 5.91 | |
| gnu | coreutils | 5.92 | |
| gnu | coreutils | 5.93 | |
| gnu | coreutils | 5.94 | |
| gnu | coreutils | 5.95 | |
| gnu | coreutils | 5.96 | |
| gnu | coreutils | 5.97 | |
| gnu | coreutils | 6.2 | |
| gnu | coreutils | 6.3 | |
| gnu | coreutils | 6.4 | |
| gnu | coreutils | 6.5 | |
| gnu | coreutils | 6.6 | |
| gnu | coreutils | 6.7 | |
| gnu | coreutils | 6.8 | |
| gnu | coreutils | 6.9 | |
| gnu | coreutils | 6.10 | |
| gnu | coreutils | 6.11 | |
| gnu | coreutils | 6.12 | |
| gnu | coreutils | 7.1 | |
| gnu | coreutils | 7.2 | |
| gnu | coreutils | 7.3 | |
| gnu | coreutils | 7.4 | |
| gnu | coreutils | 7.5 | |
| gnu | coreutils | 7.6 | |
| gnu | coreutils | 8.1 | |
| fedoraproject | fedora | 11 | |
| fedoraproject | fedora | 12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4060C1F-54F4-4D8F-A359-48CC27359585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.91:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7AE17A-1310-4F3B-B649-ED3D14C161BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.92:*:*:*:*:*:*:*",
"matchCriteriaId": "066F4A28-3C7E-4524-BB09-50A9C27F0DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.93:*:*:*:*:*:*:*",
"matchCriteriaId": "B334A0E5-92C4-4027-B847-1E535D46759E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.94:*:*:*:*:*:*:*",
"matchCriteriaId": "70411321-9C15-4EE5-8C50-C730DC114B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.95:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CDDE73-12B4-49BD-AA4A-EFDB27DCEE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.96:*:*:*:*:*:*:*",
"matchCriteriaId": "56235E45-03A0-4665-A892-E022F3CECEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.97:*:*:*:*:*:*:*",
"matchCriteriaId": "FAAFD6D4-7CA0-4C5E-ACCE-0FEFE123282A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17B19ECD-3B51-495B-890A-A65715E84500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA15857-9B26-44EC-8111-B4AB5F14CAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9322877-683C-4662-8862-8A19921DDFF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "64510D4D-D783-4D91-969A-631864135A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "047B607D-074F-4154-BDBC-C252A0E332FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "60A5A833-9CDA-459E-B1AF-8813E559DE0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7C16BD-A66A-436D-935D-6FB03EFF477C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7FA6D6-C675-4B21-B29F-D0686C03D373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C77C7E77-20AB-4B96-B5F9-51D0B598A9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8B96E929-15F1-40EE-9EE0-ABBF0C8EFA76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5C865C-B8B1-4410-8DC8-015FA8CACA97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47B9797D-D66B-47AB-8ED9-8EB6A3B7BB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05224EEF-A6C6-4B04-AD37-B22AB9048D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B417E42B-821D-4C74-BF47-3594C9AE1B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E64DD6D2-3025-4805-A7BD-0A0FDCF906CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "499983D5-E6A2-411B-861C-95653E238FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4FDCD8-F63F-42A8-9130-3E69B6A5331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCA48A1-617A-4B82-A363-70131EE27150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
"matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp."
},
{
"lang": "es",
"value": "La regla distcheck en dist-check.mk en GNU coreutils desde v5.2.1 hasta v8.1 permite a usuarios locales ganar privilegios a trav\u00e9s de un ataque de enlace simb\u00f3lico en un fichero que este en la carpeta /tmp."
}
],
"id": "CVE-2009-4135",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-11T16:30:00.327",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37645"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37860"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/62226"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/08/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/60853"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/37256"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2473-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2009/3453"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=545439"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54673"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/08/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/60853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/37256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2473-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2009/3453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=545439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "This issue does not affect users using coreutils binary RPMs, or rebuilding source RPMs. Therefore, we do not plan to release updates addressing this flaw on Red Hat Enterprise Linux 3, 4 and 5.\n\nFor additional details, refer to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4135",
"lastModified": "2010-02-26T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…