CVE-2013-4392

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-10-2013 11:55

Last modified: - 31-01-2022 06:49

Total changes: - 2

Description

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:P/I:P/A:N

Low

Attack complexity

Local

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

3.3

Base score

3.4

4.9

Exploitability score

Impact score

Verification logic

vendor=systemd_project AND product=systemd AND versionEndExcluding=239

Reference

[oss-security] 20131001 Re: [CVE request] systemd-Mailing List, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=859060
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357

Keywords

CVE-2013-4392

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2013-4392

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures