Vulnerability Details : CVE-2013-2207
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
Exploit prediction scoring system (EPSS) score for CVE-2013-2207
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2013-2207
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.6 | LOW | AV:L/AC:H/Au:N/C:P/I:P/A:N | 1.9 | 4.9 | NIST |
CWE ids for CVE-2013-2207
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2207
- https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
  David Miller - The GNU C Library version 2.18 is now available
- https://bugzilla.redhat.com/show_bug.cgi?id=976408
  976408 – (CVE-2013-2207) CVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal [Patch]
- http://www.ubuntu.com/usn/USN-2985-1
  USN-2985-1: GNU C Library vulnerabilities | Ubuntu security notices
- https://security.gentoo.org/glsa/201503-04
  GNU C Library: Multiple vulnerabilities (GLSA 201503-04) — Gentoo security
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
  [security-announce] SUSE-SU-2015:1424-1: important: Security update for
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
  mandriva.com
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
  [security-announce] SUSE-SU-2016:0470-1: important: Security update for
- https://sourceware.org/bugzilla/show_bug.cgi?id=15755
  15755 – (CVE-2013-2207) CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal [Patch]
- http://www.ubuntu.com/usn/USN-2985-2
  USN-2985-2: GNU C Library regression | Ubuntu security notices
Products affected by CVE-2013-2207
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*