OpenCVE

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:N/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Opensuse
Systemd Project	Systemd

Configuration 1 [-]

OR	cpe:2.3:a:systemd_project:systemd::::::::
	cpe:2.3:a:systemd_project:systemd:1:::::::*
	cpe:2.3:a:systemd_project:systemd:2:::::::*
	cpe:2.3:a:systemd_project:systemd:3:::::::*
	cpe:2.3:a:systemd_project:systemd:4:::::::*
	cpe:2.3:a:systemd_project:systemd:5:::::::*
	cpe:2.3:a:systemd_project:systemd:6:::::::*
	cpe:2.3:a:systemd_project:systemd:7:::::::*
	cpe:2.3:a:systemd_project:systemd:8:::::::*
	cpe:2.3:a:systemd_project:systemd:9:::::::*
	cpe:2.3:a:systemd_project:systemd:10:::::::*
	cpe:2.3:a:systemd_project:systemd:11:::::::*
	cpe:2.3:a:systemd_project:systemd:12:::::::*
	cpe:2.3:a:systemd_project:systemd:13:::::::*
	cpe:2.3:a:systemd_project:systemd:14:::::::*
	cpe:2.3:a:systemd_project:systemd:15:::::::*
	cpe:2.3:a:systemd_project:systemd:16:::::::*
	cpe:2.3:a:systemd_project:systemd:17:::::::*
	cpe:2.3:a:systemd_project:systemd:18:::::::*
	cpe:2.3:a:systemd_project:systemd:19:::::::*
	cpe:2.3:a:systemd_project:systemd:20:::::::*
	cpe:2.3:a:systemd_project:systemd:21:::::::*
	cpe:2.3:a:systemd_project:systemd:22:::::::*
	cpe:2.3:a:systemd_project:systemd:23:::::::*
	cpe:2.3:a:systemd_project:systemd:24:::::::*
	cpe:2.3:a:systemd_project:systemd:25:::::::*
	cpe:2.3:a:systemd_project:systemd:26:::::::*
	cpe:2.3:a:systemd_project:systemd:27:::::::*
	cpe:2.3:a:systemd_project:systemd:28:::::::*
	cpe:2.3:a:systemd_project:systemd:29:::::::*
	cpe:2.3:a:systemd_project:systemd:30:::::::*
	cpe:2.3:a:systemd_project:systemd:31:::::::*
	cpe:2.3:a:systemd_project:systemd:32:::::::*
	cpe:2.3:a:systemd_project:systemd:33:::::::*
	cpe:2.3:a:systemd_project:systemd:34:::::::*
	cpe:2.3:a:systemd_project:systemd:35:::::::*
	cpe:2.3:a:systemd_project:systemd:36:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*

No data.

References

Link	Providers
http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html
http://www.osvdb.org/79768
https://bugzilla.novell.com/show_bug.cgi?id=747154
https://bugzilla.redhat.com/show_bug.cgi?id=795853

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-04-18T14:00:00

Updated: 2024-08-06T18:38:14.999Z

Reserved: 2012-01-19T00:00:00

Link: CVE-2012-0871

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-04-18T14:55:25.227

Modified: 2024-11-21T01:35:52.960

Link: CVE-2012-0871

Redhat

No data.

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object