The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
References
| Link | Resource |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249 | Vendor Advisory |
| http://www.debian.org/security/2011/dsa-2364 | Vendor Advisory |
| http://www.ubuntu.com/usn/USN-1349-1 | Vendor Advisory |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249 | Vendor Advisory |
| http://www.debian.org/security/2011/dsa-2364 | Vendor Advisory |
| http://www.ubuntu.com/usn/USN-1349-1 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:32
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249 - Vendor Advisory | |
| References | () http://www.debian.org/security/2011/dsa-2364 - Vendor Advisory | |
| References | () http://www.ubuntu.com/usn/USN-1349-1 - Vendor Advisory |
Information
Published : 2014-02-05 19:55
Updated : 2024-11-21 01:32
NVD link : CVE-2011-4613
Mitre link : CVE-2011-4613
CVE.ORG link : CVE-2011-4613
JSON object : View
Products Affected
canonical
- ubuntu_linux
ubuntu
- linux
debian
- debian_linux
x.org
- x_server
CWE
CWE-264
Permissions, Privileges, and Access Controls