Launchpad CVE tracker

CVE 2009-3289

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.

Related bugs and status

CVE-2009-3289 (Candidate) is related to these bugs:

Bug #418135: Permissions of symlinked source file/folder set to 777 if symlink is copied via nautilus

		In	Importance	Status
418135	Permissions of symlinked source file/folder set to 777 if symlink is copied via nautilus	glib2.0 (Ubuntu)	Medium	Fix Released
418135	Permissions of symlinked source file/folder set to 777 if symlink is copied via nautilus	Nautilus	Critical	Fix Released
418135	Permissions of symlinked source file/folder set to 777 if symlink is copied via nautilus	glib2.0 (Ubuntu Hardy)	Medium	Fix Released
418135	Permissions of symlinked source file/folder set to 777 if symlink is copied via nautilus	glib2.0 (Ubuntu Intrepid)	Medium	Fix Released
418135	Permissions of symlinked source file/folder set to 777 if symlink is copied via nautilus	glib2.0 (Ubuntu Karmic)	Medium	Fix Released
418135	Permissions of symlinked source file/folder set to 777 if symlink is copied via nautilus	glib2.0 (Ubuntu Jaunty)	Medium	Fix Released
418135	Permissions of symlinked source file/folder set to 777 if symlink is copied via nautilus	glib2.0 (Ubuntu Dapper)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-3289

References