CVE-2012-5630Time-of-check Time-of-use (TOCTOU) Race Condition in Libuser

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition8 documents6 sources
Severity
6.3MEDIUMNVD
EPSS
0.1%
top 69.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LibuserDebian LibuserFedoraproject Fedora+2 more
Timeline
PublishedNov 25
Latest updateApr 23

Description

libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.0 | Impact: 5.2

Affected Packages4 packages

debiandebian/libuser< libuser 1:0.60~dfsg-1 (bookworm)
Debianlibuser/libuser< 1:0.60~dfsg-1+3
CVEListV5libuser/libuser0.56, 0.57+1
NVDlibuser_project/libuser0.57, 0.58+1

Also affects: Fedora 18, Enterprise Linux 5.0, 6.0

🔴Vulnerability Details

2
GHSA
GHSA-4674-qwpx-v98w: libuser 02022-04-23
OSV
CVE-2012-5630: libuser 02019-11-25

📋Vendor Advisories

2
Red Hat
libuser: TOCTOU race conditions by copying and removing directory trees2013-03-28
Debian
CVE-2012-5630: libuser - libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition wh...2012

💬Community

3
Bugzilla
CVE-2012-5630 CVE-2012-5644 libuser various flaws [fedora-all]2013-03-28
Bugzilla
CVE-2012-5644 libuser: (Complete) Information disclosure when moving user's home directory2012-12-10
Bugzilla
CVE-2012-5630 libuser: TOCTOU race conditions by copying and removing directory trees2012-12-06