Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0435

Overview

Vulnerability Score 1.2 1.2
CVE Id CVE-2002-0435
Last Modified 05 Sep 2008 04:28:01
Published 26 Jul 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2002-0435

Summary

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

Vulnerable Systems

Application

  • Gnu Fileutils 4.0

  • Gnu Fileutils 4.1

  • Gnu Fileutils 4.1.6


References

BID - 4266

XF - gnu-fileutils-race-condition(8432)

CALDERA - CSSA-2002-018.1

BUGTRAQ - 20020310 GNU fileutils - recursive directory removal race condition

CONFIRM - http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html

REDHAT - RHSA-2003:016

REDHAT - RHSA-2003:015

MANDRAKE - MDKSA-2002:031


Last Updated: 27 May 2016 10:36:54