CVE-2009-4135
Published Dec 11, 2009
Last updated 2 years ago
Overview
- Description
- The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-59
Vendor comments
- Red HatThis issue does not affect users using coreutils binary RPMs, or rebuilding source RPMs. Therefore, we do not plan to release updates addressing this flaw on Red Hat Enterprise Linux 3, 4 and 5. For additional details, refer to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4135
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4060C1F-54F4-4D8F-A359-48CC27359585"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.91:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB7AE17A-1310-4F3B-B649-ED3D14C161BB"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.92:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "066F4A28-3C7E-4524-BB09-50A9C27F0DCE"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.93:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B334A0E5-92C4-4027-B847-1E535D46759E"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.94:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70411321-9C15-4EE5-8C50-C730DC114B69"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.95:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9CDDE73-12B4-49BD-AA4A-EFDB27DCEE63"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.96:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56235E45-03A0-4665-A892-E022F3CECEFD"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:5.97:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAAFD6D4-7CA0-4C5E-ACCE-0FEFE123282A"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17B19ECD-3B51-495B-890A-A65715E84500"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BA15857-9B26-44EC-8111-B4AB5F14CAA4"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9322877-683C-4662-8862-8A19921DDFF6"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64510D4D-D783-4D91-969A-631864135A4B"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "047B607D-074F-4154-BDBC-C252A0E332FD"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60A5A833-9CDA-459E-B1AF-8813E559DE0D"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE7C16BD-A66A-436D-935D-6FB03EFF477C"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA7FA6D6-C675-4B21-B29F-D0686C03D373"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C77C7E77-20AB-4B96-B5F9-51D0B598A9F9"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B96E929-15F1-40EE-9EE0-ABBF0C8EFA76"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:6.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD5C865C-B8B1-4410-8DC8-015FA8CACA97"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47B9797D-D66B-47AB-8ED9-8EB6A3B7BB3B"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05224EEF-A6C6-4B04-AD37-B22AB9048D7C"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B417E42B-821D-4C74-BF47-3594C9AE1B98"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E64DD6D2-3025-4805-A7BD-0A0FDCF906CF"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "499983D5-E6A2-411B-861C-95653E238FF1"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A4FDCD8-F63F-42A8-9130-3E69B6A5331A"
},
{
"criteria": "cpe:2.3:a:gnu:coreutils:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BCA48A1-617A-4B82-A363-70131EE27150"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17"
}
],
"operator": "OR"
}
]
}
]