CVE-2013-4169

Loading...

General

Score:6.9/10.0
Severity:Medium
Category:Path Manipulation

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Local
Access Complexity:Medium
Authentication:None

Published on 10/09/13 - Updated on 12/09/13

Description

GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.

Category: Path Manipulation

CWE-59 (Link Following)
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Security Notices

US National Vulnerability DatabaseCVE-2013-4169
CentOS CESA-2013:1213
Oracle Linux ELSA-2013-1213
Redhat RHSA-2013:1213

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
gnomegnome_display_manager

Share this vulnerability with:

Twitter Facebook LinkedIn Mail