Vulnerabilities > CVE-2002-0435 - Unspecified vulnerability in GNU Fileutils 4.0/4.1/4.1.6
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-031.NASL description Wojciech Purczynski reported a race condition in some utilities in the GNU fileutils package that may cause root to delete the entire filesystem. This only affects version 4.1 stable and 4.1.6 development versions, and the authors have fixed this in the latest development version. last seen 2020-06-01 modified 2020-06-02 plugin id 13937 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13937 title Mandrake Linux Security Advisory : fileutils (MDKSA-2002:031) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2002:031. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13937); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-0435"); script_xref(name:"MDKSA", value:"2002:031"); script_name(english:"Mandrake Linux Security Advisory : fileutils (MDKSA-2002:031)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Wojciech Purczynski reported a race condition in some utilities in the GNU fileutils package that may cause root to delete the entire filesystem. This only affects version 4.1 stable and 4.1.6 development versions, and the authors have fixed this in the latest development version." ); script_set_attribute( attribute:"see_also", value:"https://isec.pl/en/vulnerabilities/0002.txt" ); script_set_attribute( attribute:"see_also", value:"http://mail.gnu.org/pipermail/bug-fileutils/2002-March/002440.html" ); script_set_attribute( attribute:"solution", value:"Update the affected fileutils package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fileutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"patch_publication_date", value:"2002/05/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"fileutils-4.1-4.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"fileutils-4.1.5-4.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-016.NASL description Updated fileutils packages are available which fix a race condition in recursive remove and move commands. The fileutils package includes a number of GNU versions of common and popular file management utilities. A race condition in recursive use of rm and mv commands in fileutils 4.1 and earlier could allow local users to delete files and directories as the user running fileutils if the user has write access to part of the tree being moved or deleted. In addition, a bug in the way that the chown command parses --from options has also been fixed in these packages, bringing the command into Linux Standard Base (LSB) compliance. Users of Red Hat Linux Advanced Server should install the upgraded fileutils packages which contain patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 12352 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12352 title RHEL 2.1 : fileutils (RHSA-2003:016) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:016. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12352); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2002-0435"); script_xref(name:"RHSA", value:"2003:016"); script_name(english:"RHEL 2.1 : fileutils (RHSA-2003:016)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated fileutils packages are available which fix a race condition in recursive remove and move commands. The fileutils package includes a number of GNU versions of common and popular file management utilities. A race condition in recursive use of rm and mv commands in fileutils 4.1 and earlier could allow local users to delete files and directories as the user running fileutils if the user has write access to part of the tree being moved or deleted. In addition, a bug in the way that the chown command parses --from options has also been fixed in these packages, bringing the command into Linux Standard Base (LSB) compliance. Users of Red Hat Linux Advanced Server should install the upgraded fileutils packages which contain patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-0435" ); # http://online.securityfocus.com/archive/1/260936 script_set_attribute( attribute:"see_also", value:"https://online.securityfocus.com/archive/1/260936" ); # http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html script_set_attribute( attribute:"see_also", value:"http://lists.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:016" ); script_set_attribute( attribute:"solution", value:"Update the affected fileutils package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fileutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/07/26"); script_set_attribute(attribute:"patch_publication_date", value:"2003/02/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:016"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"fileutils-4.1-10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fileutils"); } }
Redhat
| advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt
- http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html
- http://www.iss.net/security_center/static/8432.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php
- http://www.redhat.com/support/errata/RHSA-2003-015.html
- http://www.redhat.com/support/errata/RHSA-2003-016.html
- http://www.securityfocus.com/archive/1/260936
- http://www.securityfocus.com/bid/4266