CVE-2009-4135

2009-12-1116:30:00

Debian Security Bug Tracker

security-tracker.debian.org

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.5%

JSON

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

OSVersionArchitecturePackageVersionFilename
Debian12allcoreutils< 9.1-1coreutils_9.1-1_all.deb
Debian11allcoreutils< 8.32-4coreutils_8.32-4_all.deb
Debian10allcoreutils< 8.30-3coreutils_8.30-3_all.deb
Debian999allcoreutils< 9.4-3.1coreutils_9.4-3.1_all.deb
Debian13allcoreutils< 9.4-3.1coreutils_9.4-3.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	coreutils	< 9.1-1	coreutils_9.1-1_all.deb
Debian	11	all	coreutils	< 8.32-4	coreutils_8.32-4_all.deb
Debian	10	all	coreutils	< 8.30-3	coreutils_8.30-3_all.deb
Debian	999	all	coreutils	< 9.4-3.1	coreutils_9.4-3.1_all.deb
Debian	13	all	coreutils	< 9.4-3.1	coreutils_9.4-3.1_all.deb