CVE Vulnerabilities

CVE-2009-4135

Improper Link Resolution Before File Access ('Link Following')

Published: Dec 11, 2009 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
1.2 LOW
AV:L/AC:H/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
LOW

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Canonical 10.04 (including) 10.04 (including)
Ubuntu_linux Canonical 12.04 (including) 12.04 (including)
Ubuntu_linux Canonical 14.04 (including) 14.04 (including)
Coreutils Ubuntu dapper *
Coreutils Ubuntu hardy *
Coreutils Ubuntu intrepid *
Coreutils Ubuntu jaunty *
Coreutils Ubuntu karmic *
Coreutils Ubuntu lucid *
Coreutils Ubuntu maverick *
Coreutils Ubuntu natty *
Coreutils Ubuntu oneiric *
Coreutils Ubuntu quantal *
Coreutils Ubuntu raring *
Coreutils Ubuntu saucy *

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References