CVE-2007-0895 — Race Condition in Solaris

4 documents4 sources

Severity

2.6LOWNVD

CNA1.2

EPSS

0.1%

top 78.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedFeb 13

Latest updateMay 1

Description

Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.

CVSS vector

AV:L/AC:H/C:N/I:P/A:PExploitability: 1.9 | Impact: 4.9

Affected Packages2 packages

▶NVDsun/solaris10.0, 9.0+1

▶NVDsun/sunos5.8

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-3g37-x67f-m9rp: Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to de↗2022-05-01

▶

CVEList

CVE-2007-0895: Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to de↗2007-02-13

▶

💬Community

Bugzilla

CVE-2007-4639 EnterpriseDB security flaw↗2007-09-10

▶