ID CVE-2007-0895
Summary Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:10.0:-:sparc
    cpe:2.3:o:sun:solaris:10.0:-:sparc
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 2.6 (as of 13-02-2007 - 17:16)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
nessus via4
oval via4
accepted 2007-09-10T14:45:27.362-04:00
class vulnerability
contributors
name Todd Dolinsky
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.
family unix
id oval:org.mitre.oval:def:8272
status accepted
submitted 2007-08-06T11:50:11.000-04:00
title Security Vulnerability in rm(1) may Lead to Unauthorized Deletion of Files or Directories
version 31
refmap via4
confirm http://support.avaya.com/elmodocs2/security/ASA-2007-102.htm
osvdb 31880
secunia
  • 24082
  • 24405
sunalert 102782
vupen ADV-2007-0543
xf solaris-rm-dos(32399)
Last major update 07-03-2011 - 21:50
Published 12-02-2007 - 20:28
Last modified 30-10-2018 - 12:25
Back to Top