CVE-2009-4411
Published: Dec 24, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://oss.sgi.com/bugzilla/show_bug.cgi?id=790 | x_refsource_CONFIRM |
| 61302 | vdb-entry, x_refsource_OSVDB |
| http://git.savannah.gnu.org/cgit/acl.git/commit/?id=63451a0 | x_refsource_CONFIRM |
| 37455 | vdb-entry, x_refsource_BID |
| 37907 | third-party-advisory, x_refsource_SECUNIA |
| [oss-security] 20091223 CVE request: acl 2.2.47 always follows symlinks | mailing-list, x_refsource_MLIST |
| MDVSA-2009:345 | vendor-advisory, x_refsource_MANDRIVA |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076 | x_refsource_CONFIRM |
| SUSE-SR:2010:002 | vendor-advisory, x_refsource_SUSE |
| 38420 | third-party-advisory, x_refsource_SECUNIA |
| acl-setfacl-getfacl-symlink(55004) | vdb-entry, x_refsource_XF |