SB2013051406 - Permissions, Privileges, and Access Controls in NGINX xorg-server
Published: May 14, 2013 Updated: July 28, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-1940)
The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. Per http://www.ubuntu.com/usn/USN-1803-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS"
Remediation
Install update from vendor's website.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.html
- http://www.debian.org/security/2013/dsa-2661
- http://www.openwall.com/lists/oss-security/2013/04/18/3
- http://www.ubuntu.com/usn/USN-1803-1
- https://bugs.freedesktop.org/show_bug.cgi?id=63353