CVE-2002-0435

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

Published: 2002-07-26 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2002-0435 is rated Low Risk (14/100): CVSS Low severity, with low exploitation likelihood (EPSS 0.34%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2002-0435

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.07% 0.34% +0.26%
2 2025-03-17 0.04% 0.07% +0.03%
3 2023-03-07 0.04%

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2002-0435

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
1.2 2.0 LOW
AV:L/AC:H/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:H)
Exploitation requires uncommon or highly specific conditions.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
1.9 2.9 [email protected]

Weakness enumeration for CVE-2002-0435

OS Trackers for CVE-2002-0435

vendor priority summary link
redhat low https://access.redhat.com/security/cve/CVE-2002-0435
ubuntu low CVE-2002-0435 low priority: Ubuntu including 1 source packages (coreutils), 6 status rows across 6 suites (hardy, lucid, natty, oneiric, precise, upstream): not-affected 5, released 1. https://ubuntu.com/security/CVE-2002-0435

Affected software / configurations for CVE-2002-0435

Vendor Product Version Raw CPE
gnu fileutils 4.0 cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*
gnu fileutils 4.1 cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*
gnu fileutils 4.1.6 cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*

References for CVE-2002-0435

cvelogic Threat Intelligence