CVE-2013-4327 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.9 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
systemd_project	systemd	𝑥 ≤ 207
debian	debian_linux	7.0
canonical	ubuntu_linux	13.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

systemd

bookworm	252.30-1~deb12u2 fixed
bullseye	247.3-7+deb11u5 fixed
bullseye (security)	247.3-7+deb11u6 fixed
sid	256.7-3 fixed
trixie	256.7-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

systemd

lucid	dne
precise	dne
quantal	dne
raring	Fixed 198-0ubuntu11.2 released

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://www.debian.org/security/2013/dsa-2777

http://www.openwall.com/lists/oss-security/2013/09/18/6

http://www.ubuntu.com/usn/USN-1961-1

https://bugzilla.redhat.com/show_bug.cgi?id=1006680

http://www.debian.org/security/2013/dsa-2777

http://www.openwall.com/lists/oss-security/2013/09/18/6

http://www.ubuntu.com/usn/USN-1961-1

https://bugzilla.redhat.com/show_bug.cgi?id=1006680