Computer Security
[EN] securityvulns.ru no-pyccku


setfacl / getfacl symbolic links vulnerability
Published:29.12.2009
Source:
SecurityVulns ID:10495
Type:local
Threat Level:
4/10
Description:Symbolic links are followed on recursive operation.
CVE:CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:345 ] acl (29.12.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod