CVE-2009-4135

2009-12-1116:30:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2009-4135

distcheck rule

symlink attack

privilege escalation

gnu coreutils

nvd

6.1 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.5%

JSON

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04
gnu:coreutilsgnu coreutilseq6.6
gnu:coreutilsgnu coreutilseq6.10
gnu:coreutilsgnu coreutilseq5.96
gnu:coreutilsgnu coreutilseq5.91
gnu:coreutilsgnu coreutilseq6.4
gnu:coreutilsgnu coreutilseq6.12
gnu:coreutilsgnu coreutilseq5.2.1

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04
gnu:coreutils	gnu coreutils	eq	6.6
gnu:coreutils	gnu coreutils	eq	6.10
gnu:coreutils	gnu coreutils	eq	5.96
gnu:coreutils	gnu coreutils	eq	5.91
gnu:coreutils	gnu coreutils	eq	6.4
gnu:coreutils	gnu coreutils	eq	6.12
gnu:coreutils	gnu coreutils	eq	5.2.1