CVE-2009-4135 (GCVE-0-2009-4135)

Vulnerability from cvelistv5 – Published: 2009-12-11 16:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.mail-archive.com/bug-coreutils%40gnu.o… mailing-listx_refsource_MLIST
http://www.osvdb.org/60853 vdb-entryx_refsource_OSVDB
http://www.ubuntu.com/usn/USN-2473-1 vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2009/12/08/4 mailing-listx_refsource_MLIST
http://secunia.com/advisories/37645 third-party-advisoryx_refsource_SECUNIA
http://git.savannah.gnu.org/cgit/coreutils.git/co… x_refsource_CONFIRM
http://www.securityfocus.com/bid/37256 vdb-entryx_refsource_BID
http://marc.info/?l=oss-security&m=126030454503441&w=2 mailing-listx_refsource_MLIST
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2009/3453 vdb-entryx_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/37860 third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/62226 third-party-advisoryx_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=545439 x_refsource_CONFIRM
http://www.mail-archive.com/bug-coreutils%40gnu.o… mailing-listx_refsource_MLIST
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[bug-coreutils] 20091208 Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html"
          },
          {
            "name": "60853",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/60853"
          },
          {
            "name": "USN-2473-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2473-1"
          },
          {
            "name": "[oss-security] 20091208 CVE Request -- coreutils -- unsafe temporary directory location use",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/12/08/4"
          },
          {
            "name": "37645",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37645"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5"
          },
          {
            "name": "37256",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37256"
          },
          {
            "name": "[oss-security] 20091208 Re: CVE Request -- coreutils -- unsafe temporary directory location use",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2"
          },
          {
            "name": "FEDORA-2009-13216",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html"
          },
          {
            "name": "ADV-2009-3453",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3453"
          },
          {
            "name": "FEDORA-2009-13181",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html"
          },
          {
            "name": "37860",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37860"
          },
          {
            "name": "gnu-core-distcheck-symlink(54673)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54673"
          },
          {
            "name": "62226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62226"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545439"
          },
          {
            "name": "[bug-coreutils] 20091209 [PATCH] doc: NEWS: mention the \"make distcheck\" vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[bug-coreutils] 20091208 Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html"
        },
        {
          "name": "60853",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/60853"
        },
        {
          "name": "USN-2473-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2473-1"
        },
        {
          "name": "[oss-security] 20091208 CVE Request -- coreutils -- unsafe temporary directory location use",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/12/08/4"
        },
        {
          "name": "37645",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37645"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5"
        },
        {
          "name": "37256",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37256"
        },
        {
          "name": "[oss-security] 20091208 Re: CVE Request -- coreutils -- unsafe temporary directory location use",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2"
        },
        {
          "name": "FEDORA-2009-13216",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html"
        },
        {
          "name": "ADV-2009-3453",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3453"
        },
        {
          "name": "FEDORA-2009-13181",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html"
        },
        {
          "name": "37860",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37860"
        },
        {
          "name": "gnu-core-distcheck-symlink(54673)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54673"
        },
        {
          "name": "62226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62226"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545439"
        },
        {
          "name": "[bug-coreutils] 20091209 [PATCH] doc: NEWS: mention the \"make distcheck\" vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-4135",
    "datePublished": "2009-12-11T16:00:00",
    "dateReserved": "2009-12-01T00:00:00",
    "dateUpdated": "2024-08-07T06:54:09.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"5D37DF0F-F863-45AC-853A-3E04F9FEC7CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4060C1F-54F4-4D8F-A359-48CC27359585\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:5.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB7AE17A-1310-4F3B-B649-ED3D14C161BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:5.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"066F4A28-3C7E-4524-BB09-50A9C27F0DCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:5.93:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B334A0E5-92C4-4027-B847-1E535D46759E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:5.94:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70411321-9C15-4EE5-8C50-C730DC114B69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:5.95:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9CDDE73-12B4-49BD-AA4A-EFDB27DCEE63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:5.96:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56235E45-03A0-4665-A892-E022F3CECEFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:5.97:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAAFD6D4-7CA0-4C5E-ACCE-0FEFE123282A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17B19ECD-3B51-495B-890A-A65715E84500\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BA15857-9B26-44EC-8111-B4AB5F14CAA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9322877-683C-4662-8862-8A19921DDFF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64510D4D-D783-4D91-969A-631864135A4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"047B607D-074F-4154-BDBC-C252A0E332FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60A5A833-9CDA-459E-B1AF-8813E559DE0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE7C16BD-A66A-436D-935D-6FB03EFF477C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA7FA6D6-C675-4B21-B29F-D0686C03D373\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C77C7E77-20AB-4B96-B5F9-51D0B598A9F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B96E929-15F1-40EE-9EE0-ABBF0C8EFA76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:6.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD5C865C-B8B1-4410-8DC8-015FA8CACA97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47B9797D-D66B-47AB-8ED9-8EB6A3B7BB3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05224EEF-A6C6-4B04-AD37-B22AB9048D7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B417E42B-821D-4C74-BF47-3594C9AE1B98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E64DD6D2-3025-4805-A7BD-0A0FDCF906CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"499983D5-E6A2-411B-861C-95653E238FF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A4FDCD8-F63F-42A8-9130-3E69B6A5331A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:coreutils:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BCA48A1-617A-4B82-A363-70131EE27150\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3BB5EDB-520B-4DEF-B06E-65CA13152824\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E44669D7-6C1E-4844-B78A-73E253A7CC17\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.\"}, {\"lang\": \"es\", \"value\": \"La regla distcheck en dist-check.mk en GNU coreutils desde v5.2.1 hasta v8.1 permite a usuarios locales ganar privilegios a trav\\u00e9s de un ataque de enlace simb\\u00f3lico en un fichero que este en la carpeta /tmp.\"}]",
      "id": "CVE-2009-4135",
      "lastModified": "2024-11-21T01:08:59.830",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-12-11T16:30:00.327",
      "references": "[{\"url\": \"http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/37645\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/37860\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/62226\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2009/12/08/4\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.osvdb.org/60853\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/37256\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2473-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3453\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=545439\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/54673\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/37645\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/37860\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/62226\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2009/12/08/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.osvdb.org/60853\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/37256\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2473-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3453\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=545439\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/54673\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"This issue does not affect users using coreutils binary RPMs, or rebuilding source RPMs. Therefore, we do not plan to release updates addressing this flaw on Red Hat Enterprise Linux 3, 4 and 5.\\n\\nFor additional details, refer to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4135\", \"lastModified\": \"2010-02-26T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-59\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4135\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-12-11T16:30:00.327\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.\"},{\"lang\":\"es\",\"value\":\"La regla distcheck en dist-check.mk en GNU coreutils desde v5.2.1 hasta v8.1 permite a usuarios locales ganar privilegios a trav\u00e9s de un ataque de enlace simb\u00f3lico en un fichero que este en la carpeta /tmp.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"5D37DF0F-F863-45AC-853A-3E04F9FEC7CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4060C1F-54F4-4D8F-A359-48CC27359585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:5.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB7AE17A-1310-4F3B-B649-ED3D14C161BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:5.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"066F4A28-3C7E-4524-BB09-50A9C27F0DCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:5.93:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B334A0E5-92C4-4027-B847-1E535D46759E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:5.94:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70411321-9C15-4EE5-8C50-C730DC114B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:5.95:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9CDDE73-12B4-49BD-AA4A-EFDB27DCEE63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:5.96:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56235E45-03A0-4665-A892-E022F3CECEFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:5.97:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAAFD6D4-7CA0-4C5E-ACCE-0FEFE123282A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B19ECD-3B51-495B-890A-A65715E84500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BA15857-9B26-44EC-8111-B4AB5F14CAA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9322877-683C-4662-8862-8A19921DDFF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64510D4D-D783-4D91-969A-631864135A4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"047B607D-074F-4154-BDBC-C252A0E332FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60A5A833-9CDA-459E-B1AF-8813E559DE0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE7C16BD-A66A-436D-935D-6FB03EFF477C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA7FA6D6-C675-4B21-B29F-D0686C03D373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C77C7E77-20AB-4B96-B5F9-51D0B598A9F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B96E929-15F1-40EE-9EE0-ABBF0C8EFA76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:6.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD5C865C-B8B1-4410-8DC8-015FA8CACA97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47B9797D-D66B-47AB-8ED9-8EB6A3B7BB3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05224EEF-A6C6-4B04-AD37-B22AB9048D7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B417E42B-821D-4C74-BF47-3594C9AE1B98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E64DD6D2-3025-4805-A7BD-0A0FDCF906CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"499983D5-E6A2-411B-861C-95653E238FF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A4FDCD8-F63F-42A8-9130-3E69B6A5331A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:coreutils:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BCA48A1-617A-4B82-A363-70131EE27150\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BB5EDB-520B-4DEF-B06E-65CA13152824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44669D7-6C1E-4844-B78A-73E253A7CC17\"}]}]}],\"references\":[{\"url\":\"http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/37645\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/37860\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/62226\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/12/08/4\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/60853\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/37256\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2473-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3453\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=545439\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54673\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/37645\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37860\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/62226\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/12/08/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/60853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2473-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3453\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=545439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54673\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue does not affect users using coreutils binary RPMs, or rebuilding source RPMs. Therefore, we do not plan to release updates addressing this flaw on Red Hat Enterprise Linux 3, 4 and 5.\\n\\nFor additional details, refer to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4135\",\"lastModified\":\"2010-02-26T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.