XFS ACL 'setfacl' and 'getfacl' Symbolic Link Handling Security Bypass Vulnerability

Bugtraq ID: 37455
Class: Design Error
CVE: CVE-2009-4411
Remote: No
Local: Yes
Published: Dec 23 2009 12:00AM
Updated: Dec 24 2014 12:54AM
Credit: Johan Ymerson
Vulnerable: XFS.org ACL 2.2.47
            XFS.org ACL 2.2.46
            SuSE SUSE Linux Enterprise 11
            Slackware Linux x86_64 -current
            Slackware Linux 13.1 x86_64
            Slackware Linux 13.1
            Slackware Linux 13.0 x86_64
            Slackware Linux 13.0
            Slackware Linux 12.2
            Slackware Linux 12.1
            Slackware Linux 12.0
            Slackware Linux 11.0
            Slackware Linux -current
            S.u.S.E. openSUSE 11.1
            S.u.S.E. openSUSE 11.0
            Mandriva Linux Mandrake 2010.0 x86_64
            Mandriva Linux Mandrake 2010.0
            Mandriva Linux Mandrake 2009.1 x86_64
            Mandriva Linux Mandrake 2009.1
            Mandriva Linux Mandrake 2009.0 x86_64
            Mandriva Linux Mandrake 2009.0
            MandrakeSoft Enterprise Server 5 x86_64
            MandrakeSoft Enterprise Server 5
            Gentoo Linux
Not Vulnerable: XFS.org ACL 2.2.48

Copyright 2010, SecurityFocus