CVE-2013-4392
ADVISORY - debianSummary
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
- systemd (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357) [wheezy] - systemd (/etc/tmpfiles.d not supported in Wheezy) https://bugzilla.redhat.com/show_bug.cgi?id=859060 only relevant to systems running systemd along with selinux
EPSS Score: 0.00067 (0.212)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Link Resolution Before File Access ('Link Following')
ADVISORY - redhat
Time-of-check Time-of-use (TOCTOU) Race Condition
Debian
CREATED
UPDATED
ADVISORY IDCVE-2013-4392
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Alow| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/systemd | deb | debian | 12 | >=252.36-1~deb12u1 | Not yet available |
| debian/systemd | deb | debian | 11 | >=247.3-7+deb11u5 | Not yet available |
| debian/systemd | deb | debian | unstable | >=257.7-1 | Not yet available |
| debian/systemd | deb | debian | 13 | >=257.7-1 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2013-4392
EXPLOITABILITY SCORE
1.3
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5mediumUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2013-4392
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2013-4392
EXPLOITABILITY SCORE
3.4
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)