CVE-2011-4613

Priority
Medium
Description
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu
Linux does not properly verify the TTY of a user who is starting X, which
allows local users to bypass intended access restrictions by associating
stdin with a file that is misinterpreted as the console TTY.
References
Bugs
Notes
 jdstrand> requires pty access. In combination with CVE-2011-4029 this becomes
  more important, but that CVE is fixed in Ubuntu.
 mdeslaur> Debian fixed this by dropping support for alternate TTY devices,
 mdeslaur> which we need for upstart support. See changelog for
 mdeslaur> (1:7.4~2ubuntu2) and (1:7.4~4).
Assigned-to
mdeslaur
Package
Source: xorg (LP Ubuntu Debian)
Upstream: released (1:7.6+10)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (1:7.6+10ubuntu1)
More Information


Updated: 2015-07-29 20:40:16 UTC (commit 9756)