CVE-2013-2207

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-2207
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

2.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:N

Exploitability : 1.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://secunia.com/advisories/55113
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
https://bugzilla.redhat.com/show_bug.cgi?id=976408 Patch
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=15755 Patch
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://secunia.com/advisories/55113
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
https://bugzilla.redhat.com/show_bug.cgi?id=976408 Patch
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=15755 Patch
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
History

21 Nov 2024, 01:51

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html - () http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html -
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html -
References () http://secunia.com/advisories/55113 - () http://secunia.com/advisories/55113 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 - () http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 -
References () http://www.ubuntu.com/usn/USN-2985-1 - () http://www.ubuntu.com/usn/USN-2985-1 -
References () http://www.ubuntu.com/usn/USN-2985-2 - () http://www.ubuntu.com/usn/USN-2985-2 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=976408 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=976408 - Patch
References () https://security.gentoo.org/glsa/201503-04 - () https://security.gentoo.org/glsa/201503-04 -
References () https://sourceware.org/bugzilla/show_bug.cgi?id=15755 - Patch () https://sourceware.org/bugzilla/show_bug.cgi?id=15755 - Patch
References () https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html - () https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html -
Information

Published : 2013-10-09 22:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-2207

Mitre link : CVE-2013-2207

CVE.ORG link : CVE-2013-2207

JSON object : View

Products Affected

gnu

  • glibc

fedoraproject

  • fedora
CWE
CWE-264

Permissions, Privileges, and Access Controls