This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Xfs
First view: 2009-12-24
Product: Acl
Last view: 2009-12-24
Version: 2.2.47
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:xfs:acl

Activity : Overall

Related : CVE

  Date Alert Description
3.7 2009-12-24 CVE-2009-4411

The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
61302 XFS Acl Multiple Operation Recursive Symlink Handling Local Privilege Escalation

OpenVAS Exploits

id Description
0000-00-00 Name : Slackware Advisory SSA:2011-108-01 acl
File : nvt/esoft_slk_ssa_2011_108_01.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2011-04-19 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2011-108-01.nasl - Type: ACT_GATHER_INFO
2010-02-02 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_acl-100115.nasl - Type: ACT_GATHER_INFO
2010-02-02 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_acl-100115.nasl - Type: ACT_GATHER_INFO
2010-02-02 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_acl-100115.nasl - Type: ACT_GATHER_INFO
2009-12-29 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-345.nasl - Type: ACT_GATHER_INFO