CVE-2009-4135

GNU coreutils <8.1 - Privilege Escalation

Title source: llm

Description

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

References (16)

Core 16

Core References

Mailing List mailing-list x_refsource_mlist

http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/60853

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2473-1

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2009/12/08/4

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37645

Issue Tracking, Patch x_refsource_confirm

http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37256

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://marc.info/?l=oss-security&m=126030454503441&w=2

Third Party Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3453

Third Party Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37860

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/54673

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/62226

Issue Tracking, Patch x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=545439

Mailing List mailing-list x_refsource_mlist

http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html

Scores

EPSS 0.0003

EPSS Percentile 9.5%

Details

CWE

CWE-59

Status published

Products (31)

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

fedoraproject/fedora 11

fedoraproject/fedora 12

gnu/coreutils 5.2.1

gnu/coreutils 5.91

gnu/coreutils 5.92

gnu/coreutils 5.93

gnu/coreutils 5.94

... and 21 more

Published Dec 11, 2009

Tracked Since Feb 18, 2026