CVE-2011-4613

2014-02-0519:55:28

CWE-264

[email protected]

web.nvd.nist.gov

x.org

x wrapper

debian

ubuntu

access restrictions

cve-2011-4613

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

Affected configurations

NVD

Node

x.orgx_serverMatch-

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch10.10

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

debiandebian_linux

ubuntulinux

CPENameOperatorVersion
x.org:x_serverx.org x servereq-
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.10
debian:debian_linuxdebian debian linuxeq*
ubuntu:linuxubuntu linuxeq*

CPE	Name	Operator	Version
x.org:x_server	x.org x server	eq	-
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.10
debian:debian_linux	debian debian linux	eq	*
ubuntu:linux	ubuntu linux	eq	*