Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-0435

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

Published

2002-07-26T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 1.2 (LOW)

CVSSv2 Vector

AV:L/AC:H/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

1.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	fileutils	4.0	Yes
Application	gnu	fileutils	4.1	Yes
Application	gnu	fileutils	4.1.6	Yes

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt Patch, Vendor Advisory ([email protected])
http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html ([email protected])
http://www.iss.net/security_center/static/8432.php Patch, Vendor Advisory ([email protected])
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php ([email protected])
http://www.redhat.com/support/errata/RHSA-2003-015.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2003-016.html ([email protected])
http://www.securityfocus.com/archive/1/260936 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/4266 Patch, Vendor Advisory ([email protected])
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/security_center/static/8432.php Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2003-015.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2003-016.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/260936 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/4266 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)