Local Users Can Modify Permissions in GNOME Display Manager
CVE-2013-4169

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnome Display Manager
Vendor: CVE Published:; 10 September 2013

What is CVE-2013-4169?

GNOME Display Manager versions prior to 2.21.1 are susceptible to a vulnerability that permits local users to exploit symlink attacks on /tmp/.X11-unix/. This can lead to unauthorized modifications of directory permissions, potentially enabling attackers to gain inappropriate access to system resources. The risk primarily arises from improper handling of symbolic links in the logout and session management processes, thus affecting the integrity of the GNOME desktop environment.

References

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498

x_refsource_CONFIRM

http://secunia.com/advisories/54661

third-party-advisoryx_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2013-1213.html

vendor-advisoryx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 10, 2013

Gnome

What is CVE-2013-4169?

References

Timeline