CVE-2011-4613

X.org X Server - Access Control

Title source: rule

Description

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

Exploits (1)

exploitdb WORKING POC

by vladz · clocallinux

https://www.exploit-db.com/exploits/18040

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249

[Vendor Advisory] http://www.debian.org/security/2011/dsa-2364

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1349-1

Scores

EPSS 0.0008

EPSS Percentile 23.7%

Details

CWE

CWE-264

Status published

Products (7)

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 10.10

canonical/ubuntu_linux 11.04

canonical/ubuntu_linux 11.10

debian/debian_linux

ubuntu/linux

x.org/x_server

Published Feb 05, 2014

Tracked Since Feb 18, 2026