CVE-2013-2207

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-2207
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

2.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:N

Exploitability : 1.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
https://bugzilla.redhat.com/show_bug.cgi?id=976408 Patch
https://sourceware.org/bugzilla/show_bug.cgi?id=15755 Patch
http://secunia.com/advisories/55113
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://www.ubuntu.com/usn/USN-2985-2
http://www.ubuntu.com/usn/USN-2985-1
https://security.gentoo.org/glsa/201503-04
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
Information

Published : 2013-10-09 15:55

Updated : 2017-06-30 18:29

NVD link : CVE-2013-2207

Mitre link : CVE-2013-2207

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

fedoraproject

  • fedora

gnu

  • glibc