4.4 - MDVSA-2010:024

Executive Summary

Informations
Name	MDVSA-2010:024	First vendor Publication	2010-01-23
Vendor	Mandriva	Last vendor Modification	2010-01-23
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.4	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability were discovered and corrected in coreutils:

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp (CVE-2009-4135).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:024

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-59	Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Coreutils cpe:2.3:a:gnu:coreutils:8.1:::::::* cpe:2.3:a:gnu:coreutils:7.6:::::::* cpe:2.3:a:gnu:coreutils:7.5:::::::* cpe:2.3:a:gnu:coreutils:7.4:::::::* cpe:2.3:a:gnu:coreutils:7.3:::::::* cpe:2.3:a:gnu:coreutils:7.2:::::::* cpe:2.3:a:gnu:coreutils:7.1:::::::* cpe:2.3:a:gnu:coreutils:6.9:::::::* cpe:2.3:a:gnu:coreutils:6.8:::::::* cpe:2.3:a:gnu:coreutils:6.7:::::::* cpe:2.3:a:gnu:coreutils:6.6:::::::* cpe:2.3:a:gnu:coreutils:6.5:::::::* cpe:2.3:a:gnu:coreutils:6.4:::::::* cpe:2.3:a:gnu:coreutils:6.3:::::::* cpe:2.3:a:gnu:coreutils:6.2:::::::* cpe:2.3:a:gnu:coreutils:6.12:::::::* cpe:2.3:a:gnu:coreutils:6.11:::::::* cpe:2.3:a:gnu:coreutils:6.10:::::::* cpe:2.3:a:gnu:coreutils:5.97:::::::* cpe:2.3:a:gnu:coreutils:5.96:::::::* cpe:2.3:a:gnu:coreutils:5.95:::::::* cpe:2.3:a:gnu:coreutils:5.94:::::::* cpe:2.3:a:gnu:coreutils:5.93:::::::* cpe:2.3:a:gnu:coreutils:5.92:::::::* cpe:2.3:a:gnu:coreutils:5.91:::::::* cpe:2.3:a:gnu:coreutils:5.2.1:::::::*	26
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::	3
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:12:::::::* cpe:2.3:o:fedoraproject:fedora:11:::::::*	2

OpenVAS Exploits

Date	Description
2010-01-25	Name : Mandriva Update for coreutils MDVSA-2010:024 (coreutils) File : nvt/gb_mandriva_MDVSA_2010_024.nasl
2009-12-30	Name : Fedora Core 12 FEDORA-2009-13181 (coreutils) File : nvt/fcore_2009_13181.nasl
2009-12-30	Name : Fedora Core 11 FEDORA-2009-13216 (coreutils) File : nvt/fcore_2009_13216.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
60853	GNU Core Utilities distcheck Temporary Directory Symlink Local Privilege Esca...

Nessus® Vulnerability Scanner

Date	Description
2015-01-15	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2473-1.nasl - Type : ACT_GATHER_INFO
2010-01-25	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-024.nasl - Type : ACT_GATHER_INFO
2009-12-18	Name : The remote Fedora host is missing a security update. File : fedora_2009-13181.nasl - Type : ACT_GATHER_INFO
2009-12-18	Name : The remote Fedora host is missing a security update. File : fedora_2009-13216.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:41:12	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	31
osvdb(s)	1
Openvas Exploit(s)	3
Nessus® Exploit(s)	4

	Related
4.4	CVE-2009-4135
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

4.4 - MDVSA-2010:024

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU