CVE-2002-0435

Sažetak

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

Reference

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt
http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html
http://www.iss.net/security_center/static/8432.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php
http://www.redhat.com/support/errata/RHSA-2003-015.html
http://www.redhat.com/support/errata/RHSA-2003-016.html
http://www.securityfocus.com/archive/1/260936
http://www.securityfocus.com/bid/4266

CVSS

Base:	1.2
Impact:	2.9
Exploitability:	1.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:H/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

05-09-2008 - 20:28

Objavljeno

26-07-2002 - 04:00