CVE-2013-2207
glibc < 2.18 - Unauthenticated Permission Bypass via pt_chown
Title source: llmDescription
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
References (10)
Core 10
Core References
Patch x_refsource_confirm
https://sourceware.org/bugzilla/show_bug.cgi?id=15755
Patch mailing-list
x_refsource_mlist
https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2985-2
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=976408
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55113
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201503-04
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2985-1
Scores
EPSS
0.0007
EPSS Percentile
21.6%
Details
CWE
CWE-264
Status
published
Products (28)
fedoraproject/fedora
18
fedoraproject/fedora
19
gnu/glibc
2.0
gnu/glibc
2.0.1
gnu/glibc
2.0.2
gnu/glibc
2.0.3
gnu/glibc
2.0.4
gnu/glibc
2.0.5
gnu/glibc
2.0.6
gnu/glibc
2.1
... and 18 more
Published
Oct 09, 2013
Tracked Since
Feb 18, 2026