CVE-2012-0871

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

CVSS v2.0 6.3 MEDIUM

6.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:C/A:C

Exploitability : 3.4 / Impact : 9.2

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html
http://www.osvdb.org/79768
https://bugzilla.novell.com/show_bug.cgi?id=747154
https://bugzilla.redhat.com/show_bug.cgi?id=795853
http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html
http://www.osvdb.org/79768
https://bugzilla.novell.com/show_bug.cgi?id=747154
https://bugzilla.redhat.com/show_bug.cgi?id=795853

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:systemd_project:systemd::::::::
	cpe:2.3:a:systemd_project:systemd:1:::::::*
	cpe:2.3:a:systemd_project:systemd:2:::::::*
	cpe:2.3:a:systemd_project:systemd:3:::::::*
	cpe:2.3:a:systemd_project:systemd:4:::::::*
	cpe:2.3:a:systemd_project:systemd:5:::::::*
	cpe:2.3:a:systemd_project:systemd:6:::::::*
	cpe:2.3:a:systemd_project:systemd:7:::::::*
	cpe:2.3:a:systemd_project:systemd:8:::::::*
	cpe:2.3:a:systemd_project:systemd:9:::::::*
	cpe:2.3:a:systemd_project:systemd:10:::::::*
	cpe:2.3:a:systemd_project:systemd:11:::::::*
	cpe:2.3:a:systemd_project:systemd:12:::::::*
	cpe:2.3:a:systemd_project:systemd:13:::::::*
	cpe:2.3:a:systemd_project:systemd:14:::::::*
	cpe:2.3:a:systemd_project:systemd:15:::::::*
	cpe:2.3:a:systemd_project:systemd:16:::::::*
	cpe:2.3:a:systemd_project:systemd:17:::::::*
	cpe:2.3:a:systemd_project:systemd:18:::::::*
	cpe:2.3:a:systemd_project:systemd:19:::::::*
	cpe:2.3:a:systemd_project:systemd:20:::::::*
	cpe:2.3:a:systemd_project:systemd:21:::::::*
	cpe:2.3:a:systemd_project:systemd:22:::::::*
	cpe:2.3:a:systemd_project:systemd:23:::::::*
	cpe:2.3:a:systemd_project:systemd:24:::::::*
	cpe:2.3:a:systemd_project:systemd:25:::::::*
	cpe:2.3:a:systemd_project:systemd:26:::::::*
	cpe:2.3:a:systemd_project:systemd:27:::::::*
	cpe:2.3:a:systemd_project:systemd:28:::::::*
	cpe:2.3:a:systemd_project:systemd:29:::::::*
	cpe:2.3:a:systemd_project:systemd:30:::::::*
	cpe:2.3:a:systemd_project:systemd:31:::::::*
	cpe:2.3:a:systemd_project:systemd:32:::::::*
	cpe:2.3:a:systemd_project:systemd:33:::::::*
	cpe:2.3:a:systemd_project:systemd:34:::::::*
	cpe:2.3:a:systemd_project:systemd:35:::::::*
	cpe:2.3:a:systemd_project:systemd:36:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*

History

21 Nov 2024, 01:35

Type	Values Removed	Values Added
References	~~() http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c -~~	() http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c -
References	~~() http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html -
References	~~() http://www.osvdb.org/79768 -~~	() http://www.osvdb.org/79768 -
References	~~() https://bugzilla.novell.com/show_bug.cgi?id=747154 -~~	() https://bugzilla.novell.com/show_bug.cgi?id=747154 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=795853 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=795853 -

Information

Published : 2014-04-18 14:55

Updated : 2024-11-21 01:35

NVD link : CVE-2012-0871

Mitre link : CVE-2012-0871

CVE.ORG link : CVE-2012-0871

JSON object : View

Products Affected

opensuse

opensuse

systemd_project

systemd

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

6.3 /10