CVE-2013-4235

EUVD-2013-4139
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
debianshadow
-
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
redhatenterprise_linux
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
shadow
bookworm
1:4.13+dfsg1-1
fixed
bullseye
unimportant
sid
1:4.16.0-4
fixed
trixie
1:4.16.0-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
shadow
artful
ignored
bionic
needed
cosmic
ignored
disco
ignored
eoan
ignored
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
Fixed 1:4.8.1-2ubuntu2.1
released
kinetic
Fixed 1:4.11.1+dfsg1-2ubuntu1.1
released
lucid
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
precise
ignored
trusty
needed
utopic
ignored
vivid
ignored
wily
ignored
xenial
needed
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
https://security.gentoo.org/glsa/202210-26
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
https://security.gentoo.org/glsa/202210-26