A race condition in recursive use of 'rm' and 'mv' in fileutils 4.1 and earlier could allow local users to delete files and directories as the user running fileutils if the user has write access to part of the tree being moved or deleted. Red Hat Linux Advanced Server shipped with versions of fileutils that are vulnerable to this issue. CAN-2002-0435 http://online.securityfocus.com/archive/1/260936 http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2003-016.html