Vulnerability Description
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemd Project | Systemd | <= 037 |
| Opensuse | Opensuse | 12.1 |
Related Weaknesses (CWE)
References
- http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00030.html
- http://www.osvdb.org/79768
- https://bugzilla.novell.com/show_bug.cgi?id=747154
- https://bugzilla.redhat.com/show_bug.cgi?id=795853
FAQ
What is CVE-2012-0871?
CVE-2012-0871 is a vulnerability with a CVSS score of 6.3 (MEDIUM). The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on ...
How severe is CVE-2012-0871?
CVE-2012-0871 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-0871?
Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd, Opensuse Opensuse.