CVE-2007-0895

Name of the Vulnerable Software and Affected Versions: rm versions in Solaris 8 through 10 before 20070208

Description: A race condition exists in the recursive directory deletion functionality of the rm command, specifically when using the -r or -R option. This issue allows local users to delete files and directories as the user running rm by manipulating the directory structure during the deletion process. The vulnerability arises when a low-level directory is moved to a higher level as it is being deleted, causing rm to change its directory to a higher level than expected, potentially up to the root file system.

Recommendations: For Solaris 8 through 10 before 20070208, update to a version released after 20070208 to resolve the issue.