CVE-2013-2207

EUVD-2013-2162
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
gnuglibc
𝑥
≤ 2.17
gnuglibc
2.0
gnuglibc
2.0.1
gnuglibc
2.0.2
gnuglibc
2.0.3
gnuglibc
2.0.4
gnuglibc
2.0.5
gnuglibc
2.0.6
gnuglibc
2.1
gnuglibc
2.1.1
gnuglibc
2.1.1.6
gnuglibc
2.1.2
gnuglibc
2.1.3
gnuglibc
2.1.9
gnuglibc
2.10.1
gnuglibc
2.11
gnuglibc
2.11.1
gnuglibc
2.11.2
gnuglibc
2.11.3
gnuglibc
2.12.1
gnuglibc
2.12.2
gnuglibc
2.13
gnuglibc
2.14
gnuglibc
2.14.1
gnuglibc
2.15
gnuglibc
2.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
sid
2.40-3
fixed
squeeze
no-dsa
trixie
2.40-3
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
precise
Fixed 2.15-0ubuntu10.14
released
trusty
Fixed 2.19-0ubuntu6.8
released
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
glibc
precise
dne
trusty
dne
vivid
ignored
wily
Fixed 2.21-0ubuntu4.2
released
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://secunia.com/advisories/55113
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
https://bugzilla.redhat.com/show_bug.cgi?id=976408
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=15755
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://secunia.com/advisories/55113
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
https://bugzilla.redhat.com/show_bug.cgi?id=976408
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=15755
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html