X.Org X server prior to 1.13.4 and 1.4.x prior to 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate malicious users to obtain sensitive information, as demonstrated by reading passwords from a tty.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
x x.org-xserver 1.4.0 |
||
x x.org-xserver |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 11.04 |