chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Suse_linux | Novell | 10.0 (including) | 10.0 (including) |
| Suse_linux | Suse | 9.0 (including) | 9.0 (including) |
| Suse_linux | Suse | 9.1 (including) | 9.1 (including) |
| Suse_linux | Suse | 9.2 (including) | 9.2 (including) |
| Suse_linux | Suse | 9.3 (including) | 9.3 (including) |
References
- http://secunia.com/advisories/17290/
- http://www.novell.com/linux/security/advisories/2005_62_permissions.html
- http://www.osvdb.org/20263
- http://www.securityfocus.com/bid/15182
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22853
- http://secunia.com/advisories/17290/
- http://www.novell.com/linux/security/advisories/2005_62_permissions.html
- http://www.osvdb.org/20263
- http://www.securityfocus.com/bid/15182
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22853