CVE-2009-4135

Description

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

Affected products

• Canonical / Ubuntu Linux10.04 – 10.04
• Canonical / Ubuntu Linux12.04 – 12.04
• Canonical / Ubuntu Linux14.04 – 14.04
• fedoraproject / fedora12 – 12
• fedoraproject / fedora11 – 11
• gnu / coreutils5.92 – 5.92
• gnu / coreutils5.93 – 5.93
• gnu / coreutils5.94 – 5.94
• gnu / coreutils5.95 – 5.95
• gnu / coreutils5.96 – 5.96
• gnu / coreutils5.97 – 5.97
• gnu / coreutils6.2 – 6.2
• gnu / coreutils6.3 – 6.3
• gnu / coreutils6.4 – 6.4
• gnu / coreutils6.5 – 6.5
• gnu / coreutils6.6 – 6.6
• gnu / coreutils6.7 – 6.7
• gnu / coreutils6.8 – 6.8
• gnu / coreutils6.9 – 6.9
• gnu / coreutils6.10 – 6.10
• gnu / coreutils6.11 – 6.11
• gnu / coreutils6.12 – 6.12
• gnu / coreutils7.1 – 7.1
• gnu / coreutils7.2 – 7.2
• gnu / coreutils7.3 – 7.3
• gnu / coreutils7.4 – 7.4
• gnu / coreutils7.5 – 7.5
• gnu / coreutils7.6 – 7.6
• gnu / coreutils8.1 – 8.1
• gnu / coreutils5.2.1 – 5.2.1
• gnu / coreutils5.91 – 5.91

References

• MISChttp://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
• MISChttp://www.osvdb.org/60853
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-2473-1
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/12/08/4
• VENDOR_ADVISORYhttp://secunia.com/advisories/37645
• MISChttp://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5
• MISChttp://www.securityfocus.com/bid/37256
• MAILING_LISThttp://marc.info/?l=oss-security&m=126030454503441&w=2
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3453
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/37860
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/54673
• VENDOR_ADVISORYhttp://secunia.com/advisories/62226
• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=545439
• MISChttp://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html