CVE-2013-1940

Published: 13/05/2013 Updated: 21/06/2013
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

X.Org X server prior to 1.13.4 and 1.14.x prior to 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate malicious users to obtain sensitive information, as demonstrated by reading passwords from a tty.

Vendor Advisories

Synopsis: Low: xorg-x11-server security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated xorg-x11-server packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security i ...
The X server could be made to reveal keystrokes of other users ...
David Airlie and Peter Hutterer of Red Hat discovered that xorg-server, the X.Org X server, was vulnerable to an information disclosure flaw related to input handling and devices hotplug. When an X server is running but not on front (for example because of a VT switch), a newly plugged input device would still be recognized and handled by the X serv ...
A flaw was found in the way the X.Org X11 server registered new hot plugged devices. If a local user switched to a different session and plugged in a new device, input from that device could become available in the previous session, possibly leading to information disclosure (CVE-2013-1940) ...
X.Org X server before 1.13.4 and 1.14.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty ...