CVE-2009-3289

7.8HIGH

Key Information:

Vendor: Gnome
Status: Glib
Vendor: CVE Published:; 22 September 2009

Summary

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.

References

https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/41...

x_refsource_CONFIRM

http://secunia.com/advisories/39656

third-party-advisoryx_refsource_SECUNIA

http://lists.opensuse.org/opensuse-security-announce/2010...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 22, 2009
Vulnerability Reserved
Sep 22, 2009

.