CVE-2013-2207
First published: Thu Jun 20 2013(Updated: )
A security flaw was found in the way pt_chown, a helper function for grantpt(3) to change ownership and permissions of pseudoterminal, of glibc, the collection of GNU libc libraries, performed pseudotty ownership and permission changes when granting access to the slave pseudoterminal. A local attacker could use this flaw to obtain unauthorized read / write access at the pseudoterminal of their choose by using a specially-crafted (by attacker supplied) file system. Acknowledgements: Red Hat would like to thank Martin Carpenter of Citco for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU C Library | <=2.17 | |
| GNU C Library | =2.0 | |
| GNU C Library | =2.0.1 | |
| GNU C Library | =2.0.2 | |
| GNU C Library | =2.0.3 | |
| GNU C Library | =2.0.4 | |
| GNU C Library | =2.0.5 | |
| GNU C Library | =2.0.6 | |
| GNU C Library | =2.1 | |
| GNU C Library | =2.1.1 | |
| GNU C Library | =2.1.1.6 | |
| GNU C Library | =2.1.2 | |
| GNU C Library | =2.1.3 | |
| GNU C Library | =2.1.9 | |
| GNU C Library | =2.10.1 | |
| GNU C Library | =2.11 | |
| GNU C Library | =2.11.1 | |
| GNU C Library | =2.11.2 | |
| GNU C Library | =2.11.3 | |
| GNU C Library | =2.12.1 | |
| GNU C Library | =2.12.2 | |
| GNU C Library | =2.13 | |
| GNU C Library | =2.14 | |
| GNU C Library | =2.14.1 | |
| GNU C Library | =2.15 | |
| GNU C Library | =2.16 | |
| Fedora | =18 | |
| Fedora | =19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://secunia.com/advisories/55113
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
- http://www.ubuntu.com/usn/USN-2985-1
- http://www.ubuntu.com/usn/USN-2985-2
- https://bugzilla.redhat.com/show_bug.cgi?id=976408
- https://security.gentoo.org/glsa/201503-04
- https://sourceware.org/bugzilla/show_bug.cgi?id=15755
- https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
- https://access.redhat.com/security/cve/CVE-2013-2207
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=765000&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=765000&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=772916&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=772916&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=773957&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=773957&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=984829
- http://sourceware.org/ml/libc-alpha/2013-07/msg00359.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=15755
Frequently Asked Questions
What is the severity of CVE-2013-2207?
CVE-2013-2207 has been assigned a high severity level due to its potential to allow local privilege escalation.
How do I fix CVE-2013-2207?
To fix CVE-2013-2207, update the GNU C Library (glibc) to a version higher than 2.17.
Who is affected by CVE-2013-2207?
CVE-2013-2207 affects all users of the GNU C Library (glibc) versions 2.0 through 2.17.
What causes CVE-2013-2207?
CVE-2013-2207 is caused by a flaw in the way the pt_chown function manages permissions and ownership for pseudoterminals.
Is CVE-2013-2207 being actively exploited?
There is no public information indicating that CVE-2013-2207 is actively exploited in the wild.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2207
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gnu
- canonical/gnu c library
- version/gnu c library/2.17
- version/gnu c library/2.0
- version/gnu c library/2.0.1
- version/gnu c library/2.0.2
- version/gnu c library/2.0.3
- version/gnu c library/2.0.4
- version/gnu c library/2.0.5
- version/gnu c library/2.0.6
- version/gnu c library/2.1
- version/gnu c library/2.1.1
- version/gnu c library/2.1.1.6
- version/gnu c library/2.1.2
- version/gnu c library/2.1.3
- version/gnu c library/2.1.9
- version/gnu c library/2.10.1
- version/gnu c library/2.11
- version/gnu c library/2.11.1
- version/gnu c library/2.11.2
- version/gnu c library/2.11.3
- version/gnu c library/2.12.1
- version/gnu c library/2.12.2
- version/gnu c library/2.13
- version/gnu c library/2.14
- version/gnu c library/2.14.1
- version/gnu c library/2.15
- version/gnu c library/2.16
- vendor/fedoraproject
- canonical/fedora
- version/fedora/18
- version/fedora/19