Rapid7 Vulnerability & Exploit Database

RHSA-2003:015: Updated fileutils package fixes race condition in recursive operations

Back to Search

RHSA-2003:015: Updated fileutils package fixes race condition in recursive operations

Severity
1
CVSS
(AV:L/AC:H/Au:N/C:N/I:P/A:N)
Published
07/26/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

New fileutils packages for Red Hat Linux 6.2, 7.0, 7.1, 7.2 and 7.3 fix a race condition in recursive remove and move commands. [Updated 16 April 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

The fileutils package includes a number of GNU versions of common and popular file management utilities. A race condition in the recursive use of 'rm' and 'mv' in fileutils 4.1 and earlier could allow local users to delete files and directories (as the user running fileutils) if the user has write access to part of the tree being moved or deleted. Red Hat Linux versions 6.2, 7, 7.1, 7.2, and 7.3 shipped with versions of fileutils that are vulnerable to this issue. This erratum provides new fileutils packages that contain a patch correcting this issue.

Solution(s)

  • redhat-upgrade-fileutils

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;