CVE-2013-4169
gdm: TOCTTOU race condition on /tmp/.X11-unix
Severity Score
8.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
GNOME Display Manager (gdm) anteriores a 2.21.1 permiten a usuarios locales cambiar permisos de directorios arbitrarios a través de un ataque de enlaces simbólicos sobre /tmp/.X11-unix/.
The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perform a symbolic link attack, giving them write access to any file, allowing them to escalate their privileges to root. Note that this erratum includes an updated initscripts package. To fix CVE-2013-4169, the vulnerable code was removed from GDM and the initscripts package was modified to create the affected directory safely during the system boot process. Therefore, this update will appear on all systems, however systems without GDM installed are not affected by this flaw.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-09-06 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-552: Files or Directories Accessible to External Parties
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=988498 | 2013-09-12 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1213.html | 2013-09-12 | |
| http://secunia.com/advisories/54661 | 2013-09-12 | |
| https://access.redhat.com/security/cve/CVE-2013-4169 | 2013-09-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=988498 | 2013-09-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | <= 2.21 Search vendor "Gnome" for product "Gnome Display Manager" and version " <= 2.21" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 0.7 Search vendor "Gnome" for product "Gnome Display Manager" and version "0.7" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 1.0 Search vendor "Gnome" for product "Gnome Display Manager" and version "1.0" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.0 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.0" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.2 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.2" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.13 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.13" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.1 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.1" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.2 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.2" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.3 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.3" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.4 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.4" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.5 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.5" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.6 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.6" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.7 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.7" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.8 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.8" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.9 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.9" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.10 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.10" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.11 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.11" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.14.12 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.14.12" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.15 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.15" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.16 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.16" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.16.1 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.16.1" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.16.2 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.16.2" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.17 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.17" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.18 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.18" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.18.1 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.18.1" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.18.2 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.18.2" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.18.3 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.18.3" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.19 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.19" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.19.1 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.19.1" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.19.2 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.19.2" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.19.3 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.19.3" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.19.4 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.19.4" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.0 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.0" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.1 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.1" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.2 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.2" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.3 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.3" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.4 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.4" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.5 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.5" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.6 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.6" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.7 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.7" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.8 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.8" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.9 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.9" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gnome Display Manager Search vendor "Gnome" for product "Gnome Display Manager" | 2.20.10 Search vendor "Gnome" for product "Gnome Display Manager" and version "2.20.10" | - |
Affected
| ||||||