2.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
5.3%
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not
properly check permissions for tty files, which allows local users to
change the permission on the files and obtain access to arbitrary
pseudo-terminals by leveraging a FUSE file system.
Author | Note |
---|---|
mdeslaur | patch disables building of pt_chown We can’t just remove pt_chown from older releases, as unfortunately a lot of stuff still needs it, like lxc for example. We’ll need to identify them first and fix them at the same time. While this CVE was originally marked as fixed in 2.17-93ubuntu2, it got reverted in 2.17-93ubuntu4. |