CVE-2011-4613

NONE
Published Feb 5, 201412y ago · Modified Jun 16, 20262w ago
Find Similar
Published Feb 5, 2014 12y ago
Last Modified Jun 16, 2026 2w ago

Description

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-264

Affected Products 7

VendorProductVersionRange
x.orgx_server*any
canonicalubuntu_linux10.04any
canonicalubuntu_linux10.10any
canonicalubuntu_linux11.04any
canonicalubuntu_linux11.10any
debiandebian_linux*any
ubuntulinux*any

References 3

  • bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249
    Vendor Advisory
  • debian.org http://www.debian.org/security/2011/dsa-2364
    Vendor Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-1349-1
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.