Local User Access Bypass in Debian and Ubuntu Linux X.Org
CVE-2011-4613

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Debian Linux; Linux; X Server
Vendor: CVE Published:; 5 February 2014

Summary

The X.Org X wrapper in Debian GNU/Linux and Ubuntu Linux fails to adequately authenticate the TTY of users attempting to initiate an X session. This oversight allows a local user to manipulate stdin to link it with a file perceived as the console TTY, thereby bypassing security measures designed to maintain access control. This vulnerability poses a significant risk in environments where local user integrity is paramount, enabling unauthorized access and potential system compromise.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249

x_refsource_MISC

http://www.ubuntu.com/usn/USN-1349-1

vendor-advisoryx_refsource_UBUNTU

http://www.debian.org/security/2011/dsa-2364

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Feb 5, 2014
Vulnerability Reserved
Nov 29, 2011