Vulnerability Description
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 10.04 |
| Gnu | Coreutils | 5.2.1 |
| Fedoraproject | Fedora | 11 |
Related Weaknesses (CWE)
References
- http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 (Issue Tracking, Patch)
- http://marc.info/?l=oss-security&m=126030454503441&w=2 (Mailing List, Patch, Third Party Advisory)
- http://secunia.com/advisories/37645
- http://secunia.com/advisories/37860
- http://secunia.com/advisories/62226
- http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
- http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
- http://www.openwall.com/lists/oss-security/2009/12/08/4 (Mailing List, Third Party Advisory)
- http://www.osvdb.org/60853
- http://www.securityfocus.com/bid/37256 (Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-2473-1 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2009/3453 (Permissions Required)
- https://bugzilla.redhat.com/show_bug.cgi?id=545439 (Issue Tracking, Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54673
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.h (Third Party Advisory)
FAQ
What is CVE-2009-4135?
CVE-2009-4135 is a vulnerability with a CVSS score of 4.4 (MEDIUM). The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
How severe is CVE-2009-4135?
CVE-2009-4135 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-4135?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Gnu Coreutils, Fedoraproject Fedora.