[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-2207Date: (C)2013-10-10   (M)2023-12-22


pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 1.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-55113
GLSA-201503-04
MDVSA-2013:283
SUSE-SU-2015:1424
SUSE-SU-2016:0470
USN-2985-1
USN-2985-2
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
https://bugzilla.redhat.com/show_bug.cgi?id=976408
https://sourceware.org/bugzilla/show_bug.cgi?id=15755

CPE    28
cpe:/a:gnu:glibc:2.1.9
cpe:/a:gnu:glibc:2.1
cpe:/a:gnu:glibc:2.0
cpe:/a:gnu:glibc:2.1.2
...
CWE    1
CWE-264
OVAL    8
oval:org.secpod.oval:def:703131
oval:org.secpod.oval:def:89045400
oval:org.secpod.oval:def:52777
oval:org.secpod.oval:def:105856
...

© SecPod Technologies