16 matches found
[SECURITY] Fedora 43 Update: acl-2.4.0-1.fc43
This package contains the getfacl and setfacl utilities needed for manipulating access control lists...
[SECURITY] Fedora 44 Update: acl-2.4.0-1.fc44
This package contains the getfacl and setfacl utilities needed for manipulating access control lists...
CVE-2026-54370
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
CVE-2026-54370
A time-of-check to time-of-use TOCTOU race condition vulnerability was found in acl. By replacing a pathname component with a symbolic link between a security check and subsequent file operations, an attacker can redirect file access control list operations. This occurs when privileged processes...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview acl is a None Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition. in the getfacl or setfacl process. An attacker can gain unauthorized access to files or escalate privileges by exploiting a race condition where a symbolic link replaces a...
CVE-2026-54370
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
EUVD-2026-40086
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
CVE-2026-54370 acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
EUVD-2009-4378
Malware in sbrugna...
SUSE CVE-2009-4411
The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...
setfacl / getfacl symbolic links vulnerability
Symbolic links are followed on recursive operation...
CVE-2009-4411
The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...
CVE-2009-4411
The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...
DEBIAN-CVE-2009-4411
The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...
CVE-2009-4411
The 1 setfacl and 2 getfacl commands in XFS acl 2.2.47, when running in recursive -R mode, follow symbolic links even when the --physical aka -P or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack...
CVE-2009-4411
CVE-2009-4411 concerns the acl feature in XFS ACL 2.2.47. The setfacl and getfacl utilities, when run in recursive (-R) mode, follow symbolic links even if --physical (-P) or -L is specified. This could allow a local attacker to manipulate ACLs on arbitrary files or directories via a symlink atta...