CVE-2013-2207

Name: CVE-2013-2207
Description: pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severity: low (attack range: local)
Debian Bugs: 717544

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| eglibc (PTS) | wheezy | 2.13-38+deb7u10 | vulnerable |
| | wheezy (security) | 2.13-38+deb7u11 | vulnerable |
| glibc (PTS) | jessie | 2.19-18+deb8u7 | fixed |
| | jessie (security) | 2.19-18+deb8u3 | vulnerable |
| | stretch, sid | 2.24-9 | fixed |

The information below is based on the following data on fixed versions.

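| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| eglibc | source | (unstable) | (unfixed) | low | | |
| glibc | source | (unstable) | 2.21-1 | low | | 717544 |
| glibc | source | jessie | 2.19-18+deb8u4 | low | | |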

Notes

[squeeze] - eglibc <no-dsa> (Minor issue)
[wheezy] - eglibc <no-dsa> (Minor issue)
Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=e4608715e6e1dd2adc91982fd151d5ba4f761d69
