Candidate: CVE-2009-4411
PublicDate: 2009-12-24 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4411
Description:
 The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running
 in recursive (-R) mode, follow symbolic links even when the --physical
 (aka -P) or -L option is specified, which might allow local users to
 modify the ACL for arbitrary files or directories via a symlink attack.
Ubuntu-Description:
Notes:
 sbeattie> hardy may not be needed, according to debian bug report the
 sbeattie> issue may have been introduced in 2.2.46.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076
 http://savannah.nongnu.org/bugs/?28131
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_acl:
upstream_acl: needed
dapper_acl: ignored (reached end-of-life)
hardy_acl: ignored (reached end-of-life)
intrepid_acl: needed (reached end-of-life)
jaunty_acl: ignored (reached end-of-life)
karmic_acl: ignored (reached end-of-life)
lucid_acl: not-affected (2.2.49-2)
maverick_acl: not-affected (2.2.49-2)
natty_acl: not-affected (2.2.49-2)
oneiric_acl: not-affected (2.2.49-2)
precise_acl: not-affected (2.2.49-2)
quantal_acl: not-affected (2.2.49-2)
raring_acl: not-affected (2.2.49-2)
devel_acl: not-affected (2.2.49-2)