CVE-2002-0435

2003-04-0205:00:00

mitre

web.nvd.nist.gov

gnu file utilities

cve-2002-0435

race condition

directory deletion

unauthorized access

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a “…” directory that is higher than expected, possibly up to the root file system.

Affected configurations

Nvd

Node

gnufileutilsMatch4.0

gnufileutilsMatch4.1

gnufileutilsMatch4.1.6

VendorProductVersionCPE
gnufileutils4.0cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*
gnufileutils4.1cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*
gnufileutils4.1.6cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	fileutils	4.0	cpe:2.3:a:gnu:fileutils:4.0:::::::*
gnu	fileutils	4.1	cpe:2.3:a:gnu:fileutils:4.1:::::::*
gnu	fileutils	4.1.6	cpe:2.3:a:gnu:fileutils:4.1.6:::::::*