CVE-2013-2207

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
gnuglibc
𝑥
≤ 2.17
gnuglibc
2.0
gnuglibc
2.0.1
gnuglibc
2.0.2
gnuglibc
2.0.3
gnuglibc
2.0.4
gnuglibc
2.0.5
gnuglibc
2.0.6
gnuglibc
2.1
gnuglibc
2.1.1
gnuglibc
2.1.1.6
gnuglibc
2.1.2
gnuglibc
2.1.3
gnuglibc
2.1.9
gnuglibc
2.10.1
gnuglibc
2.11
gnuglibc
2.11.1
gnuglibc
2.11.2
gnuglibc
2.11.3
gnuglibc
2.12.1
gnuglibc
2.12.2
gnuglibc
2.13
gnuglibc
2.14
gnuglibc
2.14.1
gnuglibc
2.15
gnuglibc
2.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
sid
2.40-3
fixed
squeeze
no-dsa
trixie
2.40-3
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
precise
Fixed 2.15-0ubuntu10.14
released
trusty
Fixed 2.19-0ubuntu6.8
released
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
glibc
precise
dne
trusty
dne
vivid
ignored
wily
Fixed 2.21-0ubuntu4.2
released
xenial
not-affected
yakkety
not-affected
zesty
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
glibc
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-32bit
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise desktop 15 SP2
2.26-8.21
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15 SP2
2.26-8.21
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15 SP2
2.26-8.21
fixed
glibc-devel
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-devel-32bit
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-8.21
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-8.21
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-8.21
fixed
glibc-devel-static
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-extra
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-html
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
glibc-i18ndata
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-info
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-locale
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-locale-32bit
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-8.21
fixed
suse enterprise desktop 15 SP2
2.26-8.21
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-8.21
fixed
suse enterprise sap 15 SP2
2.26-8.21
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-8.21
fixed
suse enterprise server 15 SP2
2.26-8.21
fixed
glibc-locale-base
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-profile
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-profile-32bit
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
glibc-utils
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
nscd
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://secunia.com/advisories/55113
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
https://bugzilla.redhat.com/show_bug.cgi?id=976408
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=15755
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://secunia.com/advisories/55113
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
https://bugzilla.redhat.com/show_bug.cgi?id=976408
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=15755
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html