Lucene search
PRIOn knowledge basePRION:CVE-2009-4411HistoryDec 24, 2009 - 4:30 p.m.
Code injection
2009-12-2416:30:00
PRIOn knowledge base
www.prio-n.com
1
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076
git.savannah.gnu.org/cgit/acl.git/commit/?id=63451a0
lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
oss.sgi.com/bugzilla/show_bug.cgi?id=790
osvdb.org/61302
secunia.com/advisories/37907
secunia.com/advisories/38420
www.mandriva.com/security/advisories?name=MDVSA-2009:345
www.openwall.com/lists/oss-security/2009/12/23/2
www.securityfocus.com/bid/37455
exchange.xforce.ibmcloud.com/vulnerabilities/55004
Related
slackware
slackware
[slackware-security] acl
2011-04-18 23:12:58
cve
cve
CVE-2009-4411
2009-12-24 16:30:00
nessus
nessus
Mandriva Linux Security Advisory : acl (MDVSA-2009:345)
2009-12-29 00:00:00
openSUSE Security Update : acl (acl-1803)
2010-02-02 00:00:00
openSUSE Security Update : acl (acl-1803)
2010-02-02 00:00:00
openvas
openvas
Slackware Advisory SSA:2011-108-01 acl
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2011-108-01)
2012-09-10 00:00:00
Gentoo Security Advisory GLSA 201412-08
2015-09-29 00:00:00
ubuntucve
ubuntucve
CVE-2009-4411
2009-12-24 00:00:00
securityvulns
securityvulns
setfacl / getfacl symbolic links vulnerability
2009-12-29 00:00:00
[ MDVSA-2009:345 ] acl
2009-12-29 00:00:00
cvelist
cvelist
CVE-2009-4411
2009-12-24 16:00:00
nvd
nvd
CVE-2009-4411
2009-12-24 16:30:00
debiancve
debiancve
CVE-2009-4411
2009-12-24 16:30:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2010
2014-12-11 00:00:00