CVE-2013-2207 — Glibc vulnerability

CWE-26411 documents8 sources

Severity

2.6LOWNVD

EPSS

0.1%

top 78.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Eglibc Fedoraproject Fedora

Timeline

PublishedOct 9

Latest updateMay 17

Description

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

CVSS vector

AV:L/AC:H/C:P/I:P/A:NExploitability: 1.9 | Impact: 4.9

Affected Packages3 packages

▶Debiangnu/glibc< 2.21-1+3

▶Ubuntueglibc/eglibc< 2.19-0ubuntu6.8

▶NVDgnu/glibc2.17+25

Also affects: Fedora 18, 19

Patches

Patch: bugzilla.redhat.com ↗Patch: sourceware.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-g33j-hgrw-88mh: pt_chown in GNU C Library (aka glibc or libc6) before 2↗2022-05-17

▶

OSV

eglibc, glibc regression↗2016-05-26

▶

OSV

eglibc, glibc vulnerabilities↗2016-05-25

▶

OSV

CVE-2013-2207: pt_chown in GNU C Library (aka glibc or libc6) before 2↗2013-10-09

▶

CVEList

CVE-2013-2207: pt_chown in GNU C Library (aka glibc or libc6) before 2↗2013-10-09

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2016-05-25

▶

Red Hat

(pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal↗2013-07-16

▶

Debian

CVE-2013-2207: glibc - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly che...↗2013

▶

💬Community

Bugzilla

glibc: CVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal [fedora-all]↗2013-07-16

▶

Bugzilla

CVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal↗2013-06-20

▶