CVE-2012-0871

CVSS V2 Medium 6.3 CVSS V3 None
Description
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
Overview
  • CVE ID
  • CVE-2012-0871
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2014-04-18T14:55:25
  • Last Modified Date
  • 2022-01-28T19:16:59
Weakness Enumerations
CWE URL
CWE-59 http://cwe.mitre.org/data/definitions/59.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:* 1 OR 037
cpe:2.3:a:systemd_project:systemd:1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:29:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:30:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:32:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:33:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:34:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:35:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:systemd_project:systemd:36:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:M/Au:N/C:N/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 6.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 3.4
  • Impact Score
  • 9.2
References
Reference URL Reference Tags
http://www.osvdb.org/79768
https://bugzilla.redhat.com/show_bug.cgi?id=795853
https://bugzilla.novell.com/show_bug.cgi?id=747154
http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2012-0871
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0871
History
Created Old Value New Value Data Type Notes
2022-05-10 06:35:51 Added to TrackCVE
2022-12-01 22:46:22 2014-04-18T14:55Z 2014-04-18T14:55:25 CVE Published Date updated
2022-12-01 22:46:22 2022-01-28T19:16:59 CVE Modified Date updated
2022-12-01 22:46:22 Analyzed Vulnerability Status updated