Unrated severityNVD Advisory· Published Jul 26, 2002· Updated Apr 16, 2026

CVE-2002-0435

Description

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

Affected products

GNU/Fileutils3 versions
cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txtnvdPatchVendor Advisory
www.iss.net/security_center/static/8432.phpnvdPatchVendor Advisory
www.securityfocus.com/bid/4266nvdPatchVendor Advisory
www.securityfocus.com/archive/1/260936nvdVendor Advisory
mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.htmlnvd
www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.phpnvd
www.redhat.com/support/errata/RHSA-2003-015.htmlnvd
www.redhat.com/support/errata/RHSA-2003-016.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000