Executive Summary

Informations
Name CVE-2013-4169 First vendor Publication 2013-09-10
Vendor Cve Last vendor Modification 2013-09-12

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4169

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21234
 
Oval ID: oval:org.mitre.oval:def:21234
Title: RHSA-2013:1213: gdm security update (Important)
Description: GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
Family: unix Class: patch
Reference(s): RHSA-2013:1213-00
CESA-2013:1213
CVE-2013-4169
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): gdm
initscripts
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23089
 
Oval ID: oval:org.mitre.oval:def:23089
Title: ELSA-2013:1213: gdm security update (Important)
Description: GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
Family: unix Class: patch
Reference(s): ELSA-2013:1213-00
CVE-2013-4169
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): gdm
initscripts
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27417
 
Oval ID: oval:org.mitre.oval:def:27417
Title: DEPRECATED: ELSA-2013-1213 -- gdm security update (important)
Description: gdm [2.16.0-59.0.1.el5_9.1] - Fix gdmconfig memory leaks [orabug 12734629] [2.16.0-59.1] - Don't try to pre-create directories that are internal implementation details of X. Resolves: #997619 CVE-2013-4169 initscripts [8.45.42-2.0.1.el5_9.1] - Do not rename eth devices. Orabug 14266688. Apply upstream patches: 0001-Remove-reference-to-rename_device.patch 0002-rename_device-dequote-DEVICE-eth0.patch 0003-dont_try_to_rename_devices.patch - change the ifup-eth and ifdown-eth script to use default leases file of dhclient. [Orabug 12434590] - Update oracle-enterprise.patch to do detection on /etc/oracle-release and /etc/enterprise-release - Patch x86_64 sysctl.conf as well as default sysctl.conf - Patch sysctl.conf to default rp_filter to loose reverse path filtering (has no effect for pre-2.6.32 kernels) [orabug 10286227] - Move hwclock into udev rules - Update oracle-enterprise.patch to fix RedHat references in arch specific sysctl.conf files in source tarball - Add oracle-enterprise.patch and update specfile - Don't attempt to re-enslave already-enslaved devices (#455537) (pknirsch@redhat.com) [8.45.42-2.1] - create /tmp/.X11-unix in rc.sysinit (#997622, CVE-2013-4169) [8.45.42-2] - added missing '-p p' for kpartx in netfs (#844671)
Family: unix Class: patch
Reference(s): ELSA-2013-1213
CVE-2013-4169
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): gdm
initscripts
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 44

Nessus® Vulnerability Scanner

Date Description
2013-09-07 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1213.nasl - Type : ACT_GATHER_INFO
2013-09-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1213.nasl - Type : ACT_GATHER_INFO
2013-09-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1213.nasl - Type : ACT_GATHER_INFO
2013-09-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130905_gdm_on_SL5_x.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498
REDHAT http://rhn.redhat.com/errata/RHSA-2013-1213.html
SECUNIA http://secunia.com/advisories/54661

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2021-05-05 01:13:16
  • Multiple Updates
2021-05-04 12:27:08
  • Multiple Updates
2021-04-22 01:32:50
  • Multiple Updates
2020-05-24 01:11:58
  • Multiple Updates
2020-05-23 00:37:54
  • Multiple Updates
2019-02-13 12:03:07
  • Multiple Updates
2016-04-26 23:30:49
  • Multiple Updates
2014-02-17 11:21:47
  • Multiple Updates
2013-09-12 13:20:46
  • Multiple Updates
2013-09-11 17:23:04
  • Multiple Updates
2013-09-11 00:20:05
  • First insertion