CVE-2011-4613

Priority
Medium
Description
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu
Linux does not properly verify the TTY of a user who is starting X, which
allows local users to bypass intended access restrictions by associating
stdin with a file that is misinterpreted as the console TTY.
References
Bugs
Notes
jdstrand> requires pty access. In combination with CVE-2011-4029 this becomes
more important, but that CVE is fixed in Ubuntu.
mdeslaur> Debian fixed this by dropping support for alternate TTY devices,
mdeslaur> which we need for upstart support. See changelog for
mdeslaur> (1:7.4~2ubuntu2) and (1:7.4~4).
Assigned-to
mdeslaur
Package
Source: xorg (LP Ubuntu Debian)
Upstream:released (1:7.6+10)
Ubuntu 10.04 LTS (Lucid Lynx):released (1:7.5+5ubuntu1.1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1:7.6+10ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-02-14 14:14:50 UTC (commit 7751)