CVE-2009-3289

Published: 22/09/2009 Updated: 08/02/2024
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
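The flaw class described above, as an added example that is not GLib's code or its actual patch: a copy routine reads a symlink's mode with `lstat()` (0777 on Linux) and applies it with `chmod()`, which follows the new link to its target. The helper names, the temp-directory layout and the `skip_links` switch are assumptions made for illustration; the hardened branch simply never applies a symlink's own mode.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (constructed for this example, not GLib source):
 * recreate symlink `src` at `dst`, then copy the source's mode.
 * skip_links == 0: flawed pattern, chmod() follows dst to the link target.
 * skip_links == 1: hardened, a symlink's own mode is never applied. */
static int copy_link_with_mode(const char *src, const char *dst, int skip_links)
{
    struct stat st;
    char target[4096];
    ssize_t n;
    if (lstat(src, &st) != 0 || !S_ISLNK(st.st_mode)) return -1;
    if ((n = readlink(src, target, sizeof target - 1)) < 0) return -1;
    target[n] = '\0';
    if (symlink(target, dst) != 0) return -1;
    if (skip_links) return 0;
    return chmod(dst, st.st_mode & 07777); /* the link's 0777 lands on the target */
}

/* Builds a 0600 file plus a symlink to it in a temp dir, copies the link,
 * and returns the target file's resulting mode (or -1 on setup failure). */
int target_mode_after_copy(int skip_links)
{
    char dir[] = "/tmp/cve3289XXXXXX", file[64], lnk[64], cpy[64];
    struct stat st;
    int fd, mode = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/private", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    snprintf(cpy, sizeof cpy, "%s/copy", dir);
    if ((fd = open(file, O_CREAT | O_WRONLY, 0600)) >= 0) {
        fchmod(fd, 0600); close(fd);
        if (symlink(file, lnk) == 0 && copy_link_with_mode(lnk, cpy, skip_links) == 0
            && stat(file, &st) == 0)
            mode = st.st_mode & 07777;
    }
    unlink(cpy); unlink(lnk); unlink(file); rmdir(dir);
    return mode;
}

int main(void)
{
    printf("flawed: %o, hardened: %o\n", (unsigned)target_mode_after_copy(0), (unsigned)target_mode_after_copy(1));
    return 0;
}
```

When auditing copy code for this pattern, check every place a mode obtained from `lstat()` is passed to a call that dereferences symlinks.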

Vulnerable Product

gnome glib 2.0

opensuse opensuse 11.1

opensuse opensuse 11.0

suse suse linux enterprise server 11

Vendor Advisories

Arand Nash discovered that applications linked to GLib (e.g. Nautilus) did not correctly copy symlinks. If a user copied symlinks with GLib, the symlink target files would become world-writable, allowing local attackers to gain access to potentially sensitive information ...