CVE-2013-4392

CWE-59 CWE-3677 documents7 sources

Severity

5.0MEDIUM

EPSS

0.0%

top 87.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Systemd Project Systemd

Timeline

PublishedOct 28

Latest updateMay 13

Description

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages1 packages

▶NVDsystemd_project/systemd< 239

🔴Vulnerability Details

GHSA

GHSA-r4xg-5wrj-c7g3: systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink↗2022-05-13

▶

OSV

CVE-2013-4392: systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink↗2013-10-28

▶

CVEList

CVE-2013-4392: systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink↗2013-10-28

▶

📋Vendor Advisories

Red Hat

systemd: TOCTOU race condition when updating file permissions and SELinux security contexts↗2013-09-23

▶

Debian

CVE-2013-4392: systemd - systemd, when updating file permissions, allows local users to change the permis...↗2013

▶

💬Community

Bugzilla

CVE-2013-4392 systemd: TOCTOU race condition when updating file permissions and SELinux security contexts↗2012-09-20

▶