FKIE_CVE-2009-4135

Vulnerability from fkie_nvd - Published: 2009-12-11 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
References
secalert@redhat.comhttp://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5Issue Tracking, Patch
secalert@redhat.comhttp://marc.info/?l=oss-security&m=126030454503441&w=2Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/37645
secalert@redhat.comhttp://secunia.com/advisories/37860
secalert@redhat.comhttp://secunia.com/advisories/62226
secalert@redhat.comhttp://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
secalert@redhat.comhttp://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/12/08/4Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.osvdb.org/60853
secalert@redhat.comhttp://www.securityfocus.com/bid/37256Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2473-1Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3453Permissions Required
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=545439Issue Tracking, Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/54673
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.htmlThird Party Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=126030454503441&w=2Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37645
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37860
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62226
af854a3a-2127-422b-91ae-364da2661108http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
af854a3a-2127-422b-91ae-364da2661108http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/12/08/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/60853
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37256Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2473-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3453Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=545439Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/54673
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.htmlThird Party Advisory
Impacted products
Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
gnu coreutils 5.2.1
gnu coreutils 5.91
gnu coreutils 5.92
gnu coreutils 5.93
gnu coreutils 5.94
gnu coreutils 5.95
gnu coreutils 5.96
gnu coreutils 5.97
gnu coreutils 6.2
gnu coreutils 6.3
gnu coreutils 6.4
gnu coreutils 6.5
gnu coreutils 6.6
gnu coreutils 6.7
gnu coreutils 6.8
gnu coreutils 6.9
gnu coreutils 6.10
gnu coreutils 6.11
gnu coreutils 6.12
gnu coreutils 7.1
gnu coreutils 7.2
gnu coreutils 7.3
gnu coreutils 7.4
gnu coreutils 7.5
gnu coreutils 7.6
gnu coreutils 8.1
fedoraproject fedora 11
fedoraproject fedora 12
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4060C1F-54F4-4D8F-A359-48CC27359585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:5.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7AE17A-1310-4F3B-B649-ED3D14C161BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:5.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "066F4A28-3C7E-4524-BB09-50A9C27F0DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:5.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "B334A0E5-92C4-4027-B847-1E535D46759E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:5.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "70411321-9C15-4EE5-8C50-C730DC114B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:5.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CDDE73-12B4-49BD-AA4A-EFDB27DCEE63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:5.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "56235E45-03A0-4665-A892-E022F3CECEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:5.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAFD6D4-7CA0-4C5E-ACCE-0FEFE123282A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "17B19ECD-3B51-495B-890A-A65715E84500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BA15857-9B26-44EC-8111-B4AB5F14CAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9322877-683C-4662-8862-8A19921DDFF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64510D4D-D783-4D91-969A-631864135A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "047B607D-074F-4154-BDBC-C252A0E332FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A5A833-9CDA-459E-B1AF-8813E559DE0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7C16BD-A66A-436D-935D-6FB03EFF477C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7FA6D6-C675-4B21-B29F-D0686C03D373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77C7E77-20AB-4B96-B5F9-51D0B598A9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B96E929-15F1-40EE-9EE0-ABBF0C8EFA76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5C865C-B8B1-4410-8DC8-015FA8CACA97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47B9797D-D66B-47AB-8ED9-8EB6A3B7BB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "05224EEF-A6C6-4B04-AD37-B22AB9048D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B417E42B-821D-4C74-BF47-3594C9AE1B98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64DD6D2-3025-4805-A7BD-0A0FDCF906CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "499983D5-E6A2-411B-861C-95653E238FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4FDCD8-F63F-42A8-9130-3E69B6A5331A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:coreutils:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BCA48A1-617A-4B82-A363-70131EE27150",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp."
    },
    {
      "lang": "es",
      "value": "La regla distcheck en dist-check.mk en GNU coreutils desde v5.2.1 hasta v8.1 permite a usuarios locales ganar privilegios a trav\u00e9s de un ataque de enlace simb\u00f3lico en un fichero que este en la carpeta /tmp."
    }
  ],
  "id": "CVE-2009-4135",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-11T16:30:00.327",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37645"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37860"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/62226"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/12/08/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/60853"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/37256"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2473-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3453"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545439"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54673"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=126030454503441\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/12/08/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/60853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/37256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2473-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue does not affect users using coreutils binary RPMs, or rebuilding source RPMs. Therefore, we do not plan to release updates addressing this flaw on Red Hat Enterprise Linux 3, 4 and 5.\n\nFor additional details, refer to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4135",
      "lastModified": "2010-02-26T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.