PT-2013-1063 · X.Org+3 · Xorg-Server+4

Peter Hutterer · Published 2013-05-13 · Updated 2014-06-02 · CVE-2013-1940

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

X.Org X server versions prior to 1.13.4
X.Org X server versions 1.4.x prior to 1.14.1
xorg-server versions prior to 1.14.3-r2

Description

The issue is related to the X.Org X server, which does not properly restrict access to input events when adding a new hot-plug device. This might allow physically proximate attackers to obtain sensitive information, such as reading passwords from a tty. Multiple vulnerabilities in the xorg-server package may lead to violations of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely.

Recommendations

For X.Org X server versions prior to 1.13.4, update to version 1.13.4 or later.
For X.Org X server versions 1.4.x prior to 1.14.1, update to version 1.14.1 or later.
For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-01747
BDU:2015-09727
CESA-2013_1620
CVE-2013-1940
DSA-2661-1
OPENSUSE-SU-2024:10518-1
RHSA-2013:1620
RHSA-2013_1620
SUSE-SU-2013_0857-1
SUSE-SU-2013_0859-1
SUSE-SU-2014_0744-1

Affected Products

CentOS
Red Hat
SUSE
X.Org Server
Xorg-Server