CVE-2009-3289

Related Files

Ubuntu Security Notice 841-1

Posted Oct 6, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 841-1 - Arand Nash discovered that applications linked to GLib (e.g. Nautilus) did not correctly copy symlinks. If a user copied symlinks with GLib, the symlink target files would become world-writable, allowing local attackers to gain access to potentially sensitive information.

tags | advisory, local

systems | linux, ubuntu

advisories | CVE-2009-3289

SHA-256 | b17c57b39322b0668a28dff188e0f833a265e02c9fd772d12a1277c61008ab72

Download | Favorite | View

Mandriva Linux Security Advisory 2009-245

Posted Sep 24, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-245 - The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. This update provides a solution to this vulnerability.

tags | advisory, local

systems | linux, mandriva

advisories | CVE-2009-3289

SHA-256 | b7303f77179201e87765e107657cd61646d6660cc3ab11a9bd0f445dc8c4fed0

Download | Favorite | View