CVE-2013-4394

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

CVSS v2.0 5.9 MEDIUM

5.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:P

Exploitability : 1.9 / Impact : 9.5

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357	Issue Tracking Third Party Advisory
http://www.debian.org/security/2013/dsa-2777	Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/10/01/9	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=862324	Issue Tracking Patch Third Party Advisory
https://security.gentoo.org/glsa/201612-34	Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357	Issue Tracking Third Party Advisory
http://www.debian.org/security/2013/dsa-2777	Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/10/01/9	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=862324	Issue Tracking Patch Third Party Advisory
https://security.gentoo.org/glsa/201612-34	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:55

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 - Issue Tracking, Third Party Advisory~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 - Issue Tracking, Third Party Advisory
References	~~() http://www.debian.org/security/2013/dsa-2777 - Third Party Advisory~~	() http://www.debian.org/security/2013/dsa-2777 - Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2013/10/01/9 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2013/10/01/9 - Mailing List, Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=862324 - Issue Tracking, Patch, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=862324 - Issue Tracking, Patch, Third Party Advisory
References	~~() https://security.gentoo.org/glsa/201612-34 - Third Party Advisory~~	() https://security.gentoo.org/glsa/201612-34 - Third Party Advisory

Information

Published : 2013-10-28 22:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-4394

Mitre link : CVE-2013-4394

CVE.ORG link : CVE-2013-4394

JSON object : View

Products Affected

debian

debian_linux

systemd_project

systemd

CWE

CWE-276

Incorrect Default Permissions

5.9 /10