Computer Security
[EN] no-pyccku

setfacl / getfacl symbolic links vulnerability
SecurityVulns ID:10495
Threat Level:
Description:Symbolic links are followed on recursive operation.
CVE:CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:345 ] acl (29.12.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod