CVE-2009-3289

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
gnomeglib
2.0
opensuseopensuse
11.0
opensuseopensuse
11.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glib2.0
bullseye
2.66.8-1+deb11u4
fixed
etch
no-dsa
bullseye (security)
2.66.8-1+deb11u3
fixed
bookworm
2.74.6-2+deb12u3
fixed
bookworm (security)
2.74.6-2+deb12u2
fixed
sid
2.82.2-2
fixed
trixie
2.82.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glib2.0
jaunty
Fixed 2.20.1-0ubuntu2.1
released
intrepid
Fixed 2.18.2-0ubuntu2.2
released
hardy
Fixed 2.16.6-0ubuntu1.2
released
dapper
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://secunia.com/advisories/39656
http://www.openwall.com/lists/oss-security/2009/09/08/8
http://www.vupen.com/english/advisories/2010/1001
https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135
https://bugzilla.gnome.org/show_bug.cgi?id=593406
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://secunia.com/advisories/39656
http://www.openwall.com/lists/oss-security/2009/09/08/8
http://www.vupen.com/english/advisories/2010/1001
https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135
https://bugzilla.gnome.org/show_bug.cgi?id=593406