Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2013-1940

Published: 13/05/2013 Updated: 21/06/2013
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to X

Vulnerability Summary

X.Org X server prior to 1.13.4 and 1.4.x prior to 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate malicious users to obtain sensitive information, as demonstrated by reading passwords from a tty.

Vulnerable Product Search on Vulmon Subscribe to Product

x x.org-xserver 1.4.0

x x.org-xserver

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

canonical ubuntu linux 11.10

canonical ubuntu linux 11.04

Vendor Advisories

Red Hat: Low: xorg-x11-server security and bug fix update
Synopsis Low: xorg-x11-server security and bug fix update Type/Severity Security Advisory: Low Topic Updated xorg-x11-server packages that fix one security issue and severalbugs are now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having low security i ...
Ubuntu Security Notice: xorg-server, xorg-server-lts-quantal vulnerability
The X server could be made to reveal keystrokes of other users ...
Debian Security Advisories: DSA-2661-1 xorg-server -- information disclosure
David Airlie and Peter Hutterer of Red Hat discovered that xorg-server, the XOrg X server was vulnerable to an information disclosure flaw related to input handling and devices hotplug When an X server is running but not on front (for example because of a VT switch), a newly plugged input device would still be recognized and handled by the X serv ...
Amazon Linux AMI: ALAS-2013-260
A flaw was found in the way the Xorg X11 server registered new hot plugged devices If a local user switched to a different session and plugged in a new device, input from that device could become available in the previous session, possibly leading to information disclosure (CVE-2013-1940) ...
Red Hat: CVE-2013-1940
XOrg X server before 1134 and 14x before 1141 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty ...

References

CWE-264http://www.ubuntu.com/usn/USN-1803-1https://bugs.freedesktop.org/show_bug.cgi?id=63353http://www.debian.org/security/2013/dsa-2661http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.htmlhttp://www.openwall.com/lists/oss-security/2013/04/18/3http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.htmlhttps://access.redhat.com/errata/RHSA-2013:1620https://usn.ubuntu.com/1803-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2013-1940
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-47626CVE-2024-3400physicalCVE-2024-31426CVE-2024-22423CVE-2024-22438injectlocal usersCVE-2024-3797
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook