Glib 2.0 Permission Misconfiguration Leads to Elevated User Access
CVE-2009-3289

7.8HIGH

Key Information:

Vendor
Gnome
Status
Glib
Vendor
CVE Published:
22 September 2009

Summary

The g_file_copy function in Glib 2.0 improperly sets the permissions of a target file to that of a symbolic link, typically granting overly permissive access (777). This flaw enables local users, when aided by specific actions, to alter or modify files belonging to other users. This behavior has been exemplified in practical scenarios, including the use of Nautilus to change permissions on user home directories, potentially exposing sensitive data and compromising user privacy.

References

https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/41...
x_refsource_CONFIRM
http://secunia.com/advisories/39656
third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2010...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2009-3289 : Glib 2.0 Permission Misconfiguration Leads to Elevated User Access | SecurityVulnerability.io