CVE-2013-4394

Published Oct 28, 2013

Last updated 3 years ago

Overview

Description: The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.9
Impact score: 9.5
Exploitability score: 1.9
Vector string: AV:L/AC:H/Au:N/C:C/I:C/A:P

Weaknesses

nvd@nist.gov: CWE-276

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5357AFE5-8FD0-4691-83D8-562F1B8AB02E",
            "versionEndExcluding": "194"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References