This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/15755] New: CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal
- From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 19 Jul 2013 04:18:05 +0000
- Subject: [Bug libc/15755] New: CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=15755
Bug ID: 15755
Summary: CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal
Product: glibc
Version: 2.18
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: carlos at redhat dot com
CC: drepper.fsp at gmail dot com
A security flaw was found in the way pt_chown, a helper function for grantpt(3)
to change ownership and permissions of a pseudoterminal, of glibc, the collection
of GNU libc libraries, performed pseudotty ownership and permission changes
when granting access to the slave pseudoterminal. A local attacker could use
this flaw to obtain unauthorized read / write access to the pseudoterminal of
their choice by using a specially-crafted (attacker-supplied) file system.
Acknowledgements:
Red Hat would like to thank Martin Carpenter of Citco for reporting this issue.