CVE-2009-4135

CWE-598 documents8 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 90.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Fedoraproject Fedora GNU Coreutils

Timeline

PublishedDec 11

Latest updateMay 2

Description

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶Ubuntucoreutils< 8.21-1ubuntu5.1

▶NVDgnu/coreutils26 versions+25

Also affects: Fedora 11, 12, Ubuntu Linux 10.04, 12.04, 14.04

Patches

Patch: git.savannah.gnu.org ↗Patch: marc.info ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-q7ww-m6jm-qmwq: The distcheck rule in dist-check↗2022-05-02

▶

OSV

coreutils vulnerabilities↗2015-01-14

▶

CVEList

CVE-2009-4135: The distcheck rule in dist-check↗2009-12-11

▶

📋Vendor Advisories

Ubuntu

coreutils vulnerabilities↗2015-01-14

▶

Red Hat

coreutils: Unsafe temporary directory use in "distcheck" rule↗2009-12-07

▶

Debian

CVE-2009-4135: coreutils - The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows lo...↗2009

▶

💬Community

Bugzilla

CVE-2009-4135 coreutils: Unsafe temporary directory use in "distcheck" rule↗2009-12-08

▶