Mandriva Linux Security Advisory : acl (MDVSA-2009:345)
Low Nessus Plugin ID 43610
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered and corrected in acl :
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the
--physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack (CVE-2009-4411).
This update provides a fix for this vulnerability.
SolutionUpdate the affected packages.