CVE-2013-4169: Link Following in Display Manager

Severity
6.9 MEDIUM (NVD)
EPSS
0.0%
top 92.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 10
Latest update: May 17

Description

GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages (1 package)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-j642-2qgg-v4wq: GNOME Display Manager (gdm) before 2 (2022-05-17)
CVEList
CVE-2013-4169: GNOME Display Manager (gdm) before 2 (2013-09-10)

📋Vendor Advisories

2
Red Hat
gdm: TOCTTOU race condition on /tmp/.X11-unix (2013-09-05)
Debian
CVE-2013-4169: gdm3 - GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissio... (2013)

💬Community

1
Bugzilla
CVE-2013-4169 gdm: TOCTTOU race condition on /tmp/.X11-unix (2013-07-25)