CVE-2013-2207
Publication date 9 October 2013
Last updated 24 July 2024
Ubuntu priority
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
From the Ubuntu Security Team
Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information.
Status
Package | Ubuntu Release | Status |
---|---|---|
eglibc | 16.04 LTS xenial | Not in release |
eglibc | 14.04 LTS trusty | Fixed 2.19-0ubuntu6.8 |
glibc | 16.04 LTS xenial | Not affected |
glibc | 14.04 LTS trusty | Not in release |
Notes
mdeslaur
patch disables building of pt_chown

We can't just remove pt_chown from older releases, as unfortunately a lot of stuff still needs it, like lxc for example. We'll need to identify them first and fix them at the same time.

While this CVE was originally marked as fixed in 2.17-93ubuntu2, it got reverted in 2.17-93ubuntu4.
Patch details
Package | Patch details |
---|---|
eglibc |
References
Related Ubuntu Security Notices (USN)
- USN-2985-1: GNU C Library vulnerabilities (25 May 2016)