CVE-2007-0895

{"id": "CVE-2007-0895", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-02-13T01:28:00.000", "references": [{"url": "http://secunia.com/advisories/24082", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24405", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102782-1", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-102.htm", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/31880", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0543", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32399", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8272", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24082", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24405", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102782-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-102.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/31880", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0543", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32399", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8272", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a \"..\" directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435."}, {"lang": "es", "value": "Condici\u00f3n de carrera en el borrado de directorios recursivo con las opciones (1) -r o (2) -R en Solaris 8 hasta 10 anterior al 08/02/2007 permite a usuarios locales borrar ficheros y directorios como el usuario que est\u00e1 ejecutando rm movi\u00e9ndose de directorio de bajo nivel a uno de mayor nivel mientras est\u00e1 siendo borrado, lo cual provoca que rm haga un chdir al directorio \"..\" que es de mayor nivel que lo esperado, posiblemente fuera del sistema de ficheros de root, un asunto relacionado con CVE-2002-0435."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6"}, {"criteria": "cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BF232A9-9E0A-481E-918D-65FC82EF36D8"}, {"criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}