CVE-2012-0871
UnknownEPSS 0.36%
Last modified
CVE-2012-0871 is a vulnerability of currently unknown severity. The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Systemd Project | Systemd | <= 037 |
| Systemd Project | Systemd | 1 |
| Systemd Project | Systemd | 2 |
| Systemd Project | Systemd | 3 |
| Systemd Project | Systemd | 4 |
| Systemd Project | Systemd | 5 |
| Systemd Project | Systemd | 6 |
| Systemd Project | Systemd | 7 |
| Systemd Project | Systemd | 8 |
| Systemd Project | Systemd | 9 |
| Systemd Project | Systemd | 10 |
| Systemd Project | Systemd | 11 |
| Systemd Project | Systemd | 12 |
| Systemd Project | Systemd | 13 |
| Systemd Project | Systemd | 14 |
| Systemd Project | Systemd | 15 |
| Systemd Project | Systemd | 16 |
| Systemd Project | Systemd | 17 |
| Systemd Project | Systemd | 18 |
| Systemd Project | Systemd | 19 |
| Systemd Project | Systemd | 20 |
| Systemd Project | Systemd | 21 |
| Systemd Project | Systemd | 22 |
| Systemd Project | Systemd | 23 |
| Systemd Project | Systemd | 24 |
| Systemd Project | Systemd | 25 |
| Systemd Project | Systemd | 26 |
| Systemd Project | Systemd | 27 |
| Systemd Project | Systemd | 28 |
| Systemd Project | Systemd | 29 |
| Systemd Project | Systemd | 30 |
| Systemd Project | Systemd | 31 |
| Systemd Project | Systemd | 32 |
| Systemd Project | Systemd | 33 |
| Systemd Project | Systemd | 34 |
| Systemd Project | Systemd | 35 |
| Systemd Project | Systemd | 36 |
| Opensuse | Opensuse | 12.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-0871?
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
How severe is CVE-2012-0871?
Severity scoring for CVE-2012-0871 is pending analysis. The EPSS model estimates a 0.36% probability of exploitation in the next 30 days.
How do I fix CVE-2012-0871?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2012-0871?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST