CVE-2012-0871

medium

Published 2014-04-18 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.3

VIR risk

6.3

Description

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-0871

OS impact

OS	Version	Status	Fixed in
suse	12.1	affected
debian	bookworm	fixed	`43-1`
debian	bullseye	fixed	`43-1`
debian	forky	fixed	`43-1`
debian	sid	fixed	`43-1`
debian	trixie	fixed	`43-1`

Application impact

Vendor	Product	Versions
systemd_project	systemd	`{"endIncluding":"037"}`
systemd_project	systemd	`1`
systemd_project	systemd	`2`
systemd_project	systemd	`3`
systemd_project	systemd	`4`
systemd_project	systemd	`5`
systemd_project	systemd	`6`
systemd_project	systemd	`7`
systemd_project	systemd	`8`
systemd_project	systemd	`9`
systemd_project	systemd	`10`
systemd_project	systemd	`11`
systemd_project	systemd	`12`
systemd_project	systemd	`13`
systemd_project	systemd	`14`
systemd_project	systemd	`15`
systemd_project	systemd	`16`
systemd_project	systemd	`17`
systemd_project	systemd	`18`
systemd_project	systemd	`19`
systemd_project	systemd	`20`
systemd_project	systemd	`21`
systemd_project	systemd	`22`
systemd_project	systemd	`23`
systemd_project	systemd	`24`
systemd_project	systemd	`25`
systemd_project	systemd	`26`
systemd_project	systemd	`27`
systemd_project	systemd	`28`
systemd_project	systemd	`29`
systemd_project	systemd	`30`
systemd_project	systemd	`31`
systemd_project	systemd	`32`
systemd_project	systemd	`33`
systemd_project	systemd	`34`
systemd_project	systemd	`35`
systemd_project	systemd	`36`

References

CWEs

CWE-59

Verify integrity in audit chain (admin only). AS-IS.