CVE-2013-2207

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

References

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

http://secunia.com/advisories/55113

http://www.mandriva.com/security/advisories?name=MDVSA-2013:283

http://www.ubuntu.com/usn/USN-2985-1

http://www.ubuntu.com/usn/USN-2985-2

https://bugzilla.redhat.com/show_bug.cgi?id=976408

https://security.gentoo.org/glsa/201503-04

https://sourceware.org/bugzilla/show_bug.cgi?id=15755

https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html

Details

Source: MITRE

Published: 2013-10-09

Updated: 2017-07-01

Type: CWE-264

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 1.9

Severity: LOW

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
127161NewStart CGSL MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0012)NessusNewStart CGSL Local Security Checks
high
125004EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)NessusHuawei Local Security Checks
high
91341Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc regression (USN-2985-2)NessusUbuntu Local Security Checks
critical
91334Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerabilities (USN-2985-1)NessusUbuntu Local Security Checks
critical
88831SUSE SLES11 Security Update : glibc (SUSE-SU-2016:0470-1)NessusSuSE Local Security Checks
critical
85624SUSE SLED11 / SLES11 Security Update : glibc (SUSE-SU-2015:1424-1)NessusSuSE Local Security Checks
medium
81689GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)NessusGentoo Local Security Checks
high
75154openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)NessusSuSE Local Security Checks
high
71092Mandriva Linux Security Advisory : glibc (MDVSA-2013:283)NessusMandriva Local Security Checks
high
69784Fedora 18 : glibc-2.16-34.fc18 (2013-15072)NessusFedora Local Security Checks
low
69436Fedora 19 : glibc-2.17-13.fc19 (2013-15053)NessusFedora Local Security Checks
high