Showing 1 - 2 of 2

CVE-2013-4169

Status Candidate

Overview

GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.

Mandriva Linux Security Advisory 2013-230: Posted Sep 11, 2013; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2013-230 - GNOME Display Manager before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. The updated packages have been patched to correct this issue.; tags | advisory, arbitrary, local; systems | linux, unix, mandriva; advisories | CVE-2013-4169; SHA-256 | 52fc496e2b4ebb9f1415e08261f0752782983a44bf6d40e2c33d04ddb1941839; Download | Favorite | View

Red Hat Security Advisory 2013-1213-01: Posted Sep 6, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-1213-01 - The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perform a symbolic link attack, giving them write access to any file, allowing them to escalate their privileges to root. Note that this erratum includes an updated initscripts package. To fix CVE-2013-4169, the vulnerable code was removed from GDM and the initscripts package was modified to create the affected directory safely during the system boot process. Therefore, this update will appear on all systems, however systems without GDM installed are not affected by this flaw.; tags | advisory, root; systems | linux, redhat; advisories | CVE-2013-4169; SHA-256 | 538d9b0bf864ac5f5ba4356145575335274930ff922d6ba289ac9096bf48441b; Download | Favorite | View

Page 1 of 1 Back 1 Next