CVE-2013-2207 (retired)

Priority
Description
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not
properly check permissions for tty files, which allows local users to
change the permission on the files and obtain access to arbitrary
pseudo-terminals by leveraging a FUSE file system.
Ubuntu-Description
Martin Carpenter discovered that pt_chown in the GNU C Library
did not properly check permissions for tty files. A local attacker
could use this to gain administrative privileges or expose sensitive
information.
Notes
 mdeslaur> patch disables building of pt_chown
 mdeslaur> We can't just remove pt_chown from older releases, as
 mdeslaur> unfortunately a lot of stuff still needs it, like lxc for
 mdeslaur> example. We'll need to identify them first and fix them at the
 mdeslaur> same time.
 mdeslaur>
 mdeslaur> While this CVE was originally marked as fixed in 2.17-93ubuntu2,
 mdeslaur> it got reverted in 2.17-93ubuntu4.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (2.15-0ubuntu10.14)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.19-0ubuntu6.8)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Patches:
Upstream: http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e4608715e6e1dd2adc91982fd151d5ba4f761d69
Package
Source: glibc
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.23-0ubuntu1)

Updated: 2019-03-26 12:08:12 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)