Back to search
CVE-2009-3289
Published: Sep 22, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135
x_refsource_CONFIRM
39656
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2010:010
vendor-advisory
x_refsource_SUSE
https://bugzilla.gnome.org/show_bug.cgi?id=593406
x_refsource_MISC
[oss-security] 20090908 CVE Request - glib symlink copying permission exposure
mailing-list
x_refsource_MLIST
ADV-2010-1001
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now