FreeBSD Security Advisory FreeBSD-SA-01:40 - The fts routines are vulnerable to a race condition when ascending a file hierarchy, which allows an attacker who has control over part of the hierarchy into which fts is descending to cause the application to ascend beyond the starting point of the file traversal, and enter other parts of the filesystem. If the fts routines are being used by an application to perform operations on the filesystem hierarchy, such as find(1) with a keyword such as -exec or -delete, or rm(1) with the -r flag, these operations can be incorrectly applied to files outside the intended hierarchy, which may result in system damage or compromise. All versions of FreeBSD prior to the correction date including 4.3-RELEASE are vulnerable to this problem.
1087d9a7ee3c61a0c63ce3f436fd87e2a0503f1603655ffc14376ef19a967eb0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed