CVE-2013-4235 : shadow: TOCTOU (time-of-check time-of-use) race condition when copying and remov

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Published 2019-12-03 15:15:11

Updated 2023-02-13 00:28:41

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2013-4235

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Debian » Shadow » Version: N/A
cpe:2.3:a:debian:shadow:-:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 5
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 17
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 16
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
Matching versions

Top countries where our scanners detected CVE-2013-4235

Top open port discovered on systems with this issue 53

IPs affected by CVE-2013-4235 20,404

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2013-4235!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:P	3.4	4.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N	1.0	3.6	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

Assigned by: nvd@nist.gov (Primary)

https://security-tracker.debian.org/tracker/CVE-2013-4235

CVE-2013-4235
Third Party Advisory
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

[jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar-Apache Mail Archives

CVEs referencing this url
https://security.gentoo.org/glsa/202210-26

Shadow: TOCTOU Race (GLSA 202210-26) — Gentoo security
Third Party Advisory
https://access.redhat.com/security/cve/cve-2013-4235

CVE-2013-4235- Red Hat Customer Portal
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235

884658 – (CVE-2013-4235) CVE-2013-4235 shadow-utils: TOCTOU race conditions by copying and removing directory trees
Issue Tracking;Third Party Advisory

Jump to