PT-2013-1177 · Red Hat+1 · Initscripts-Debuginfo+5
Vladz · Published 2013-09-05 · Updated 2013-09-12
CVE-2013-4169
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
gdm versions prior to 2.21.1
gdm-docs versions 2.16.0
gdm-debuginfo versions 2.16.0
initscripts versions 8.45.42
initscripts-debuginfo versions 8.45.42
Description
The issue allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out locally.
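The description above comes down to a privileged process changing permissions on a path under /tmp that a local user can replace with a symlink. As an added example (not code from gdm, initscripts or this advisory), the C below shows the descriptor-based pattern that refuses a symlinked directory; the function names, the owner check and the temporary-directory scenario are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Set `mode` on the directory at `path` only if it is a real directory
 * (not a symlink) owned by `owner`. Returns 0 on success, -1 on refusal. */
int secure_dir_mode(const char *path, mode_t mode, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW rejects a symlink in the final path component;
     * O_DIRECTORY rejects anything that is not a directory. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat/fchmod act on the opened inode, so swapping the path
     * after open() cannot redirect the permission change. */
    int ok = fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) &&
             st.st_uid == owner && fchmod(fd, mode) == 0;
    close(fd);
    return ok ? 0 : -1;
}

/* Constructed scenario in a private temp dir: "x11" is a symlink to
 * "victim". Returns 0 when the symlink is refused, the victim keeps
 * mode 0700, and a genuine directory "real" receives mode 01777. */
int run_demo(void)
{
    char base[] = "/tmp/symdemo.XXXXXX", victim[64], lnk[64], real[64];
    struct stat st;
    if (!mkdtemp(base)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(lnk, sizeof lnk, "%s/x11", base);
    snprintf(real, sizeof real, "%s/real", base);
    if (mkdir(victim, 0700) || mkdir(real, 0700) || symlink(victim, lnk))
        return -1;
    int refused = secure_dir_mode(lnk, 01777, geteuid()) == -1;
    int intact = stat(victim, &st) == 0 && (st.st_mode & 07777) == 0700;
    int applied = secure_dir_mode(real, 01777, geteuid()) == 0 &&
                  stat(real, &st) == 0 && (st.st_mode & 07777) == 01777;
    unlink(lnk); rmdir(victim); rmdir(real); rmdir(base);
    return (refused && intact && applied) ? 0 : 1;
}

int main(void) { return run_demo(); }
```

O_NOFOLLOW only guards the last path component, so the pattern relies on the parent directory (here /tmp) being one that unprivileged users cannot replace.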
Recommendations
For gdm versions prior to 2.21.1, update to version 2.21.1 or later to resolve the issue.
For gdm-docs versions 2.16.0, consider disabling the vulnerable component until a patch is available.
For gdm-debuginfo versions 2.16.0, restrict access to the vulnerable module to minimize the risk of exploitation.
For initscripts versions 8.45.42, avoid using the vulnerable parameters in the affected API endpoint until the issue is resolved.
For initscripts-debuginfo versions 8.45.42, as a temporary workaround, consider disabling the vulnerable function until a patch is available.
Fix
Link Following
Weakness Enumeration
Related identifiers
Affected products
Red Hat
Gdm
Gdm-Debuginfo
Gdm-Docs
Initscripts
Initscripts-Debuginfo