CVE-2013-2207
First published: Thu Jun 20 2013(Updated: )
A security flaw was found in the way pt_chown, a helper function for grantpt(3) to change ownership and permissions of pseudoterminal, of glibc, the collection of GNU libc libraries, performed pseudotty ownership and permission changes when granting access to the slave pseudoterminal. A local attacker could use this flaw to obtain unauthorized read / write access at the pseudoterminal of their choose by using a specially-crafted (by attacker supplied) file system. Acknowledgements: Red Hat would like to thank Martin Carpenter of Citco for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU glibc | <=2.17 | |
| GNU glibc | =2.0 | |
| GNU glibc | =2.0.1 | |
| GNU glibc | =2.0.2 | |
| GNU glibc | =2.0.3 | |
| GNU glibc | =2.0.4 | |
| GNU glibc | =2.0.5 | |
| GNU glibc | =2.0.6 | |
| GNU glibc | =2.1 | |
| GNU glibc | =2.1.1 | |
| GNU glibc | =2.1.1.6 | |
| GNU glibc | =2.1.2 | |
| GNU glibc | =2.1.3 | |
| GNU glibc | =2.1.9 | |
| GNU glibc | =2.10.1 | |
| GNU glibc | =2.11 | |
| GNU glibc | =2.11.1 | |
| GNU glibc | =2.11.2 | |
| GNU glibc | =2.11.3 | |
| GNU glibc | =2.12.1 | |
| GNU glibc | =2.12.2 | |
| GNU glibc | =2.13 | |
| GNU glibc | =2.14 | |
| GNU glibc | =2.14.1 | |
| GNU glibc | =2.15 | |
| GNU glibc | =2.16 | |
| Fedoraproject Fedora | =18 | |
| Fedoraproject Fedora | =19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://secunia.com/advisories/55113
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
- http://www.ubuntu.com/usn/USN-2985-1
- http://www.ubuntu.com/usn/USN-2985-2
- https://bugzilla.redhat.com/show_bug.cgi?id=976408
- https://security.gentoo.org/glsa/201503-04
- https://sourceware.org/bugzilla/show_bug.cgi?id=15755
- https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
- https://access.redhat.com/security/cve/CVE-2013-2207
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=765000&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=765000&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=772916&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=772916&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=773957&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=773957&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=984829
- http://sourceware.org/ml/libc-alpha/2013-07/msg00359.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=15755
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2207
- agent/trending
- agent/tags
- agent/source
- vendor/gnu
- canonical/gnu glibc
- version/gnu glibc/2.17
- version/gnu glibc/2.0
- version/gnu glibc/2.0.1
- version/gnu glibc/2.0.2
- version/gnu glibc/2.0.3
- version/gnu glibc/2.0.4
- version/gnu glibc/2.0.5
- version/gnu glibc/2.0.6
- version/gnu glibc/2.1
- version/gnu glibc/2.1.1
- version/gnu glibc/2.1.1.6
- version/gnu glibc/2.1.2
- version/gnu glibc/2.1.3
- version/gnu glibc/2.1.9
- version/gnu glibc/2.10.1
- version/gnu glibc/2.11
- version/gnu glibc/2.11.1
- version/gnu glibc/2.11.2
- version/gnu glibc/2.11.3
- version/gnu glibc/2.12.1
- version/gnu glibc/2.12.2
- version/gnu glibc/2.13
- version/gnu glibc/2.14
- version/gnu glibc/2.14.1
- version/gnu glibc/2.15
- version/gnu glibc/2.16
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/18
- version/fedoraproject fedora/19