Note: This is an archival copy of Security Sun Alert 200540 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000412.1.
Article ID : 1000412.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-08-04
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux 5.0 Security Vulnerability in "fileutils" Package May Give Local Users Unauthorized Privileges


Release Phase

Sun Cobalt Qube 3 Server
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server

Bug Id

Date of Resolved Release


A race condition in Sun Linux fileutils 4.1 and earlier versions may allow a local unprivileged user to delete files or directories owned by others.

This issue is described at:

Note: The Sun Linux fileutils 4.1 package includes a number of common and popular "GNU" file management utilities.

Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with fileutils 4.1 or earlier

Sun Cobalt Appliances

  • Qube3 with fileutils 4.1 or earlier
  • RaQ4 with fileutils 4.1 or earlier
  • RaQ550 with fileutils 4.1 or earlier
  • RaQXTR with fileutils 4.1 or earlier

The current version of the fileutils package can be found by running the following command:

    % rpm -q fileutils

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.


There are no predictable symptoms that would indicate the described issue has been exploited.


There is no workaround for this issue. Please see the Resolution section below.


This issue is addressed in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with fileutils 4.1-10.1 or later

Sun Linux patches are available at:

Sun Cobalt Appliances

Patches for Qube3, RaQ4, RaQ550 and RaQXTR are available at:

Modification History
Date: 13-APR-2005
  • State changed to Resolved

Date: 29-AUG-2003
  • Updated Resolution section

This solution has no attachment