Lucene search
+L

16 matches found

Fedora
Fedora
added 4 days ago7 views

[SECURITY] Fedora 43 Update: acl-2.4.0-1.fc43

This package contains the getfacl and setfacl utilities needed for manipulating access control lists...

8.4CVSS6.1AI score0.00142EPSS
Exploits0
Fedora
Fedora
added 6 days ago7 views

[SECURITY] Fedora 44 Update: acl-2.4.0-1.fc44

This package contains the getfacl and setfacl utilities needed for manipulating access control lists...

8.4CVSS6.1AI score0.00142EPSS
Exploits0
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS0.00091EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 1:12 p.m.10 views

CVE-2026-54370

A time-of-check to time-of-use TOCTOU race condition vulnerability was found in acl. By replacing a pathname component with a symbolic link between a security check and subsequent file operations, an attacker can redirect file access control list operations. This occurs when privileged processes...

7.2CVSS5.7AI score0.00091EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 1:0 p.m.7 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview acl is a None Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition. in the getfacl or setfacl process. An attacker can gain unauthorized access to files or escalate privileges by exploiting a race condition where a symbolic link replaces a...

7.2CVSS5.8AI score0.00091EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/29 12:38 p.m.9 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0
EUVD
EUVD
added 2026/06/29 12:38 p.m.8 views

EUVD-2026-40086

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 12:38 p.m.56 views

CVE-2026-54370 acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS0.00091EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-4378

Malware in sbrugna...

3.7CVSS6.1AI score0.00329EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.4 views

SUSE CVE-2009-4411

The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...

3.7CVSS6.9AI score0.00329EPSS
Exploits0References4
securityvulns
securityvulns
added 2009/12/29 12:0 a.m.88 views

setfacl / getfacl symbolic links vulnerability

Symbolic links are followed on recursive operation...

3.7CVSS3.6AI score0.00329EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2009/12/24 4:30 p.m.27 views

CVE-2009-4411

The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...

3.7CVSS6AI score0.00329EPSS
Exploits0References1
NVD
NVD
added 2009/12/24 4:30 p.m.12 views

CVE-2009-4411

The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...

3.7CVSS6.3AI score0.00329EPSS
Exploits0References11
OSV
OSV
added 2009/12/24 4:30 p.m.1 views

DEBIAN-CVE-2009-4411

The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...

3.7CVSS6.5AI score0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2009/12/24 4:0 p.m.24 views

CVE-2009-4411

The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...

9AI score0.00329EPSS
Exploits0References11
CVE
CVE
added 2009/12/24 4:0 p.m.66 views

CVE-2009-4411

CVE-2009-4411 concerns the acl feature in XFS ACL 2.2.47. The setfacl and getfacl utilities, when run in recursive (-R) mode, follow symbolic links even if --physical (-P) or -L is specified. This could allow a local attacker to manipulate ACLs on arbitrary files or directories via a symlink atta...

3.7CVSS8.9AI score0.00329EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder