CVE-2011-4613

X.Org X Server - Local Access Restriction Bypass via TTY Verification Flaw

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4613. PoCs published by vladz.

AI-analyzed exploit summary: This exploit leverages a race condition in Xorg (CVE-2011-4029 and CVE-2011-4613) to change file permissions on arbitrary files, such as /etc/shadow, by manipulating symlinks and process signals. It uses inotify to monitor file creation and SIGSTOP/SIGCONT to pause and resume the Xorg process at a critical moment.

Description

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

Exploits (1)

exploitdb WORKING POC
by vladz · c · local · linux
https://www.exploit-db.com/exploits/18040

Classification: Working PoC 100%
Attack Type: Other
Complexity: Complex
Reliability: Racy
Target: Xorg 1.4 to 1.11.2 (and earlier versions with USE_CHMOD)
Authentication: No auth needed
Prerequisites: Access to a system with vulnerable Xorg version · Ability to execute binaries · Inotify support enabled
Analysis: devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-1349-1
Vendor Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2011/dsa-2364

Scores

EPSS: 0.0086
EPSS Percentile: 53.6%

Details

CWE: CWE-264
Status: published
Products (7):
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
canonical/ubuntu_linux 11.04
canonical/ubuntu_linux 11.10
debian/debian_linux
ubuntu/linux
x.org/x_server
Published: Feb 05, 2014
Tracked Since: Feb 18, 2026