CVE-2013-2207

Sažetak

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://secunia.com/advisories/55113
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
https://bugzilla.redhat.com/show_bug.cgi?id=976408
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=15755
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html

CVSS

Base:	2.6
Impact:	4.9
Exploitability:	1.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:L/AC:H/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

01-07-2017 - 01:29

Objavljeno

09-10-2013 - 22:55