CVE-2011-4613

Severity

46%

Complexity

39%

Confidentiality

106%

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 11 years ago

2014-02-05 19:55:00

Last updated 10 years ago

2014-02-25 00:16:00

Affected Software

X.Org xserver

Canonical Ubuntu Linux 10.04 LTS

10.04

Canonical Ubuntu Linux 10.10

10.10

Canonical Ubuntu Linux 11.04

11.04

Canonical Ubuntu Linux 11.10

11.10

Debian Linux

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249

Vendor Advisory

DSA-2364

Vendor Advisory

USN-1349-1

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.