CVE-2013-2207
Description
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GNU C Library (glibc) before 2.18 has a pt_chown vulnerability allowing local users to change permissions on tty files via a FUSE file system.
Vulnerability
CVE-2013-2207 is a privilege/ownership validation flaw in the pt_chown helper program included with the GNU C Library (glibc) before version 2.18. The program does not properly check permissions when changing the ownership and mode of pseudo-terminal (pty) slave device files, allowing a local user to modify the permissions on arbitrary tty files if they can present a FUSE file system that returns a different file system type than expected [2]. This oversight means that under specific conditions, the permission check intended to restrict which users can write to ptys can be bypassed.
Exploitation
An attacker must have local access to the system and be able to mount or trigger a FUSE file system. The exploit leverages the fact that pt_chown trusts the file system type reported by stat() without adequately verifying the permissions. By placing a pseudo-terminal device node on a FUSE file system and controlling the file system implementation, the attacker can cause pt_chown to change the ownership of the slave pty file to the attacker's user ID, or to make it world-writable [2]. No additional authentication is required beyond local shell access.
Impact
Successful exploitation allows the attacker to gain write access to a pseudo-terminal slave device that they should not normally control. This can lead to privilege escalation (e.g., hijacking another user's terminal session) or information disclosure by reading input from or injecting output into sessions of other users who rely on the same pseudo-terminal. In a shared system, this undermines the isolation enforced by the tty permission model [2].
Mitigation
The vulnerability is fixed in glibc version 2.18, released on August 12, 2013 [1]. Users should upgrade to glibc 2.18 or later. Gentoo Linux provides an updated package version 2.19-r1 or later to address this and other vulnerabilities [3]. No workaround is available other than applying the fix. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
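As an added host-audit helper (not part of this CVE record or of glibc), the script below reports whether a machine's glibc predates the 2.18 fix and whether a setuid pt_chown helper is still installed; the pt_chown install paths it probes are assumptions about common distro layouts, and it relies on the version string printed by `getconf GNU_LIBC_VERSION`.

```shell
#!/bin/sh
# Added audit helper, not part of the CVE record or of glibc itself.
# Reports whether the host's glibc predates the 2.18 fix for CVE-2013-2207
# and whether a setuid-root pt_chown helper is still installed.

# True (exit 0) when version "$1" (e.g. "2.17", "2.19-r1") is strictly below 2.18.
glibc_predates_fix() {
    major=${1%%.*}
    case "$1" in *.*) minor=${1#*.} ;; *) minor=0 ;; esac
    minor=${minor%%[!0-9]*}          # drop ".3", "-r1" and similar suffixes
    [ -n "$minor" ] || minor=0
    [ "$major" -lt 2 ] && return 0
    [ "$major" -eq 2 ] && [ "$minor" -lt 18 ] && return 0
    return 1
}

# Pull "2.17" out of the text `getconf GNU_LIBC_VERSION` prints ("glibc 2.17").
glibc_version_from_getconf() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# Exit 0 and print the path if a setuid pt_chown exists at one of the usual
# install locations (assumed paths) or at any extra path passed as an argument.
setuid_pt_chown_present() {
    for p in /usr/lib/pt_chown /usr/libexec/pt_chown /usr/lib64/pt_chown "$@"; do
        if [ -u "$p" ]; then printf '%s\n' "$p"; return 0; fi
    done
    return 1
}

audit_host() {
    ver=$(glibc_version_from_getconf "$(getconf GNU_LIBC_VERSION 2>/dev/null)")
    if [ -z "$ver" ]; then
        echo "glibc version not detected (non-glibc libc?)"; return 2
    fi
    if glibc_predates_fix "$ver"; then
        echo "glibc $ver predates 2.18: upstream fix absent, check for a distro backport"
        status=1
    else
        echo "glibc $ver carries the upstream fix"; status=0
    fi
    if helper=$(setuid_pt_chown_present); then
        echo "setuid pt_chown still installed at $helper"
    else
        echo "no setuid pt_chown at the checked paths"
    fi
    return "$status"
}
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it as `sh pt_chown_audit.sh --audit`; a distro that backported the fix into an older version string (as the SUSE and Ubuntu advisories below did) will still be flagged by the version test, so treat that result as a prompt to check the package changelog.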
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
GNU glibc (39 CPE entries; 25 not shown)
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* (version range: <= 2.17)
- cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
Fedora (2 CPE entries)
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
OSV coordinates (11 package versions, no CPE)
- pkg:rpm/opensuse/glibc (openSUSE Tumbleweed): range < 2.24-2.3
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Desktop 11 SP3): range < 2.11.3-17.87.3
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Desktop 11 SP4): range < 2.11.3-17.87.3
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Server 11 SP2-LTSS): range < 2.11.3-17.45.66.1
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Server 11 SP3): range < 2.11.3-17.87.3
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Server 11 SP3-TERADATA): range < 2.11.3-17.87.3
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Server 11 SP4): range < 2.11.3-17.87.3
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Server for SAP Applications 11 SP3): range < 2.11.3-17.87.3
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Server for SAP Applications 11 SP4): range < 2.11.3-17.87.3
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Software Development Kit 11 SP3): range < 2.11.3-17.87.3
- pkg:rpm/suse/glibc (SUSE Linux Enterprise Software Development Kit 11 SP4): range < 2.11.3-17.87.3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- bugzilla.redhat.com/show_bug.cgi (nvd, Patch)
- sourceware.org/bugzilla/show_bug.cgi (nvd, Patch)
- lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html (nvd)
- secunia.com/advisories/55113 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.ubuntu.com/usn/USN-2985-1 (nvd)
- www.ubuntu.com/usn/USN-2985-2 (nvd)
- security.gentoo.org/glsa/201503-04 (nvd)
News mentions
No linked articles in our index yet.