Fluid Attacks Database

Description

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	systemd	>=0 <43-1	43-1
debian 13	systemd	>=0 <43-1	43-1
debian 14	systemd	>=0 <43-1	43-1
debian 12	systemd	>=0 <43-1	43-1

Aliases

1. CVE-2012-08712. NVD-2012-08713. OSV-DEBIAN-2012-08714. OSV-2012-08715. SECURITY-TRACKER-CVE-2012-0871

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.