PT-2012-1113 · X.Org · Xkeyboard-Config+1

Huzaifa S. Sidhpurwala · Published 2012-01-27 · Updated 2014-02-11 · CVE-2012-0064

CVSS v2.0: 4.6 Medium

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

xkeyboard-config versions prior to 2.5
X.Org versions prior to 7.6

Description

The issue allows physically proximate attackers to bypass an X screen lock via certain keyboard combinations that break the input grab, due to the enabling of certain XKB debugging functions by default. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information, and can be performed locally.

Recommendations

For xkeyboard-config versions prior to 2.5, consider disabling the XKB debugging functions to prevent exploitation. For X.Org versions prior to 7.6, update to a version that has the XKB debugging functions disabled by default or apply a configuration change to disable these functions.

Fix


Weakness Enumeration

Related Identifiers

BDU:2015-09444
CVE-2012-0064

Affected Products

X.Org
Xkeyboard-Config