
CVE-2013-2207

Published: 09/10/2013 Updated: 01/07/2017
CVSS v2 Base Score: 2.6 | Impact Score: 4.9 | Exploitability Score: 1.9
VMScore: 231
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Summary

pt_chown in GNU C Library (aka glibc or libc6) prior to 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

Vulnerable Product

gnu glibc 2.14

gnu glibc

gnu glibc 2.16

gnu glibc 2.11.2

gnu glibc 2.11.1

gnu glibc 2.1.1

gnu glibc 2.1

gnu glibc 2.0

gnu glibc 2.12.2

gnu glibc 2.12.1

gnu glibc 2.11.3

gnu glibc 2.1.2

gnu glibc 2.1.1.6

gnu glibc 2.0.2

gnu glibc 2.0.1

gnu glibc 2.13

gnu glibc 2.1.9

gnu glibc 2.1.3

gnu glibc 2.0.4

gnu glibc 2.0.3

gnu glibc 2.15

gnu glibc 2.14.1

gnu glibc 2.11

gnu glibc 2.10.1

gnu glibc 2.0.6

gnu glibc 2.0.5

fedoraproject fedora 19

fedoraproject fedora 18

Vendor Advisories

Several security issues were fixed in the GNU C Library ...
USN-2985-1 introduced a regression in the GNU C Library ...
Debian Bug report logs - #796105 CVE-2015-1781 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 19 Aug 2015 14:03:01 UTC Severity: important Tags: security Fixed in versions glibc/2.21-0experimental1, gli ...
Debian Bug report logs - #798316 libc6: Pointer guarding bypass in dynamic Setuid binaries Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Source for libc6 is src:glibc (PTS, buildd, popcon) Reported by: Hideki Yamane <henrich@debian.or.jp> Date: Tue, 8 Sep 2015 01:24:02 ...
Debian Bug report logs - #717544 CVE-2013-2207: Remove pt_chown Package: libc-bin; Maintainer for libc-bin is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Source for libc-bin is src:glibc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Mon, 22 Jul 2013 06:39:02 UTC Severity: imp ...
Debian Bug report logs - #687530 eglibc: CVE-2012-4412: strcoll integer / buffer overflow Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Thu, 13 Sep 2012 14:21:01 UTC Severity: important Tags: patch, security Found in versions eglibc/2.11.3-4, eglibc/2.17-93 Fix ...
Debian Bug report logs - #689423 eglibc: CVE-2012-4424: stack overflow in strcoll() Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Tue, 2 Oct 2012 13:12:01 UTC Severity: important Tags: patch, security Found in versions eglibc/2.11.3-4, eglibc/2.17-93 Fixed in ...
Debian Bug report logs - #719558 eglibc: CVE-2013-4237 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Tue, 13 Aug 2013 05:15:02 UTC Severity: important Tags: security Found in versions eglibc/2.11.3-4, eglibc/2.17-93 Fixed in versions eglibc/2.17-94, eglibc/2.13 ...
Debian Bug report logs - #727181 eglibc: CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 23 Oct 2013 04:54:01 UTC Severity: important Tags: security, upstream Fixed in vers ...
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system ...