Published: 28/10/2013 Updated: 31/01/2022

CVSS v2 Base Score: 5.9 | Impact Score: 9.5 | Exploitability Score: 1.9

VMScore: 525

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:P

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

Vulnerable Product	Search on Vulmon	Subscribe to Product
systemd project systemd
debian debian linux 7.0

Debian Bug report logs - #725357 CVE-2013-4392: TOCTOU race condition when updating file permissions and SELinux security contexts Package: systemd; Maintainer for systemd is Debian systemd Maintainers <pkg-systemd-maintainers@listsaliothdebianorg>; Source for systemd is src:systemd (PTS, buildd, popcon) Reported by: Mori ...

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters" ...

CWE-276 https://bugzilla.redhat.com/show_bug.cgi?id=862324 http://www.openwall.com/lists/oss-security/2013/10/01/9 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 http://www.debian.org/security/2013/dsa-2777 https://security.gentoo.org/glsa/201612-34 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 https://access.redhat.com/security/cve/cve-2013-4394

CVE-2013-4394

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect