SB2013042503 - Permissions, Privileges, and Access Controls in xorg-server (Alpine package)
Published: April 25, 2013
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-1940)
The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
Per http://www.ubuntu.com/usn/USN-1803-1/: "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS"
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2bcdd427fd00be3d82fea8571bfddbcb07ab7b6c
- https://git.alpinelinux.org/aports/commit/?id=0b5d8bad4b7b860f55937ab1b4f3418233876d11
- https://git.alpinelinux.org/aports/commit/?id=fabe21949c545ebcd527118b2672d331a424b792
- https://git.alpinelinux.org/aports/commit/?id=44d6bf4dab7b4c6f1f3d4090e98c8f661e5724ea