Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-0871

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

Published

2014-04-18T14:55:25.227

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.3 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:N/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

9.2

Weaknesses

Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	systemd_project	systemd	≤ 037	Yes
Application	systemd_project	systemd	1	Yes
Application	systemd_project	systemd	2	Yes
Application	systemd_project	systemd	3	Yes
Application	systemd_project	systemd	4	Yes
Application	systemd_project	systemd	5	Yes
Application	systemd_project	systemd	6	Yes
Application	systemd_project	systemd	7	Yes
Application	systemd_project	systemd	8	Yes
Application	systemd_project	systemd	9	Yes
Application	systemd_project	systemd	10	Yes
Application	systemd_project	systemd	11	Yes
Application	systemd_project	systemd	12	Yes
Application	systemd_project	systemd	13	Yes
Application	systemd_project	systemd	14	Yes
Application	systemd_project	systemd	15	Yes
Application	systemd_project	systemd	16	Yes
Application	systemd_project	systemd	17	Yes
Application	systemd_project	systemd	18	Yes
Application	systemd_project	systemd	19	Yes
Application	systemd_project	systemd	20	Yes
Application	systemd_project	systemd	21	Yes
Application	systemd_project	systemd	22	Yes
Application	systemd_project	systemd	23	Yes
Application	systemd_project	systemd	24	Yes
Application	systemd_project	systemd	25	Yes
Application	systemd_project	systemd	26	Yes
Application	systemd_project	systemd	27	Yes
Application	systemd_project	systemd	28	Yes
Application	systemd_project	systemd	29	Yes
Application	systemd_project	systemd	30	Yes
Application	systemd_project	systemd	31	Yes
Application	systemd_project	systemd	32	Yes
Application	systemd_project	systemd	33	Yes
Application	systemd_project	systemd	34	Yes
Application	systemd_project	systemd	35	Yes
Application	systemd_project	systemd	36	Yes
Operating System	opensuse	opensuse	12.1	Yes

References

http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html ([email protected])
http://www.osvdb.org/79768 ([email protected])
https://bugzilla.novell.com/show_bug.cgi?id=747154 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=795853 ([email protected])
http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/79768 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.novell.com/show_bug.cgi?id=747154 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=795853 (af854a3a-2127-422b-91ae-364da2661108)