PT-2009-6308 · Gnu+1 · Gnu Coreutils+1
Jan Lieskovsky
·
Published
2009-12-11
·
Updated
2023-02-13
·
CVE-2009-4135
CVSS v2.0
4.4
Medium
| Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GNU coreutils versions 5.2.1 through 8.1
Description
The issue allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. This is related to the distcheck rule in dist-check.mk.
Recommendations
For GNU coreutils versions 5.2.1 through 8.1, consider restricting access to the distcheck rule in dist-check.mk to minimize the risk of exploitation. As a temporary workaround, avoid using the distcheck rule until a patch is available.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gnu Coreutils
Ubuntu