Description
rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.
References (9)
Core 9
Core References
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-2857
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31385
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01135.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=458504
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=458652
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45402
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32710
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32037
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318
Scores
EPSS
0.0035
EPSS Percentile
26.7%
Details
CWE
CWE-59
Status
published
Products (2)
redhat/fedora
9
redhat/initscripts
8.76.3
Published
Sep 29, 2008
Tracked Since
Feb 18, 2026