Vulnerability Details : CVE-2013-6409
Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.
Exploit prediction scoring system (EPSS) score for CVE-2013-6409
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6409
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.2
|
MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C |
1.9
|
10.0
|
NIST |
CWE ids for CVE-2013-6409
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6409
-
http://www.securityfocus.com/bid/63994
Debian adequate '-- user' Option Local Privilege Escalation Vulnerability
-
https://bitbucket.org/jwilk/adequate/raw/tip/debian/changelog
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730691
#730691 - adequate: CVE-2013-6409: privilege escalation via tty hijacking - Debian Bug report logs
Products affected by CVE-2013-6409
- cpe:2.3:a:debian:adequate:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:adequate:0.3.1:*:*:*:*:*:*:*