CVE-2013-4235

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
debianshadow
-
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
redhatenterprise_linux
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
shadow
bullseye
unimportant
bookworm
1:4.13+dfsg1-1
fixed
sid
1:4.16.0-4
fixed
trixie
1:4.16.0-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
shadow
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
Fixed 1:4.11.1+dfsg1-2ubuntu1.1
released
jammy
Fixed 1:4.8.1-2ubuntu2.1
released
impish
ignored
hirsute
ignored
groovy
ignored
focal
needed
eoan
ignored
disco
ignored
cosmic
ignored
bionic
needed
artful
ignored
zesty
ignored
yakkety
ignored
xenial
needed
wily
ignored
vivid
ignored
utopic
ignored
trusty
needed
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
https://security.gentoo.org/glsa/202210-26
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
https://security.gentoo.org/glsa/202210-26