Your submission was sent successfully! Close

CVE-2009-4135

Published: 11 December 2009

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

Priority

Low

Status

Package Release Status
coreutils
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Patches:
Upstream: http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5
This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu.