CVE-2011-4613
Published: 15 December 2011
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Notes
| Author | Note |
|---|---|
| jdstrand | Requires pty access. In combination with CVE-2011-4029 this becomes more important, but that CVE is fixed in Ubuntu. |
| mdeslaur | Debian fixed this by dropping support for alternate TTY devices, which we need for upstart support. See changelog for (1:7.4~2ubuntu2) and (1:7.4~4). |