CVE-2013-4169
published 2013-09-10CVE-2013-4169: GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
PriorityP421medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.37%
28.9th percentile
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdm3 | — | — |
| gnome | gnome_display_manager | <= 2.21 | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
| gnome | gnome_display_manager | — | — |
CVSS provenance
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
vendor_debian6.9LOW
vendor_redhat6.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j642-2qgg-v4wq: GNOME Display Manager (gdm) before 2
ghsa_unreviewed·2022-05-17
CVE-2013-4169 [MEDIUM] CWE-59 GHSA-j642-2qgg-v4wq: GNOME Display Manager (gdm) before 2
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
Red Hat
gdm: TOCTTOU race condition on /tmp/.X11-unix
vendor_redhat·2013-09-05·CVSS 6.9
CVE-2013-4169 [MEDIUM] CWE-367 gdm: TOCTTOU race condition on /tmp/.X11-unix
gdm: TOCTTOU race condition on /tmp/.X11-unix
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
Statement: This flaw only affected GDM in Red Hat Enterprise Linux 5 and does not affect Red Hat Enterprise Linux 6.
Package: gdm (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2013-4169: gdm3 - GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissio...
vendor_debian·2013·CVSS 6.9
CVE-2013-4169 [MEDIUM] CVE-2013-4169: gdm3 - GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissio...
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
2013-09-10
Published