{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15755"}, {"name": "55113", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55113"}, {"name": "SUSE-SU-2015:1424", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"name": "[libc-alpha] 20130812 The GNU C Library version 2.18 is now available", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html"}, {"name": "SUSE-SU-2016:0470", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"name": "USN-2985-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=976408"}, {"name": "GLSA-201503-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201503-04"}, {"name": "MDVSA-2013:283", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"}, {"name": "USN-2985-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2985-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:41.090Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15755"}, {"name": "55113", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55113"}, {"name": "SUSE-SU-2015:1424", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"name": "[libc-alpha] 20130812 The GNU C Library version 2.18 is now available", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html"}, {"name": "SUSE-SU-2016:0470", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"name": "USN-2985-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=976408"}, {"name": "GLSA-201503-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201503-04"}, {"name": "MDVSA-2013:283", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"}, {"name": "USN-2985-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2985-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2207", "datePublished": "2013-10-09T22:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:41.090Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "80EA2A91-4CBF-4AF4-9776-BF9EFDA67CDF", "versionEndIncluding": "2.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "19D5667D-5EA4-4B44-BF8A-9C10506BD4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A30D0EE-1AED-4C99-8A22-24E47212F3FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "4169CA4B-C4F5-499A-A35A-49DD43AC0A22", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3AC9749-52C5-4E17-8A77-5F4ED91FA8E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "C55E32EC-33A6-4145-9B76-C7E3DBACD1E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "6423F0B5-E483-4DE9-B13F-3A7322F055DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C543B0E8-8B48-44A4-B63F-B2D9EA23E8EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "37880948-2AB5-491A-85E2-B7E271E03B1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "DF8E0DCD-8D39-4C89-9B4C-37025D9BE3A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "BFD5D113-EF53-4690-92AC-B6E54D70AA9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "92B1C39D-1183-4FAE-85C2-D1DC7AA6F431", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "733A1711-D2FC-45C6-9542-893860851F6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "CA4CFA8E-9892-4DDA-9DB2-581711E974A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system."}, {"lang": "es", "value": "pt_chown en GNU C Library (tambi\u00e9n conocida como glibc o libc6) anterior a la versi\u00f3n 2.18 no comprueba adecuadamente los permisos para archivos tty, lo que permite a usuarios locales cambiar el permiso en los archivos y obtener acceso a pseudo-terminals arbitrarios mediante el aprovechamiento de un sistema de archivos FUSE."}], "id": "CVE-2013-2207", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-09T22:55:02.633", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55113"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2985-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=976408"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201503-04"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15755"}, {"source": "secalert@redhat.com", "url": "https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55113"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2985-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=976408"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201503-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Martin Carpenter (Citco) for reporting this issue.", "bugzilla": {"description": "(pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal", "id": "976408", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=976408"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", "status": "draft"}, "details": ["pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system."], "name": "CVE-2013-2207", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2013-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2207\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2207"], "statement": "Not Vulnerable. This issue does not affect the version of glibc as shipped with Red Hat Enterprise Linux 5 and 6.", "threat_severity": "Moderate"}