Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-4613

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

Related bugs and status

CVE-2011-4613 (Candidate) is related to these bugs:

Bug #918332: CVE-2011-4613 tracking bug

		In	Importance	Status
918332	CVE-2011-4613 tracking bug	xorg (Ubuntu)	Medium	Fix Released
918332	CVE-2011-4613 tracking bug	xorg (Ubuntu Lucid)	Medium	Fix Released
918332	CVE-2011-4613 tracking bug	xorg (Ubuntu Maverick)	Medium	Fix Released
918332	CVE-2011-4613 tracking bug	xorg (Ubuntu Precise)	Medium	Fix Released
918332	CVE-2011-4613 tracking bug	xorg (Ubuntu Natty)	Medium	Fix Released
918332	CVE-2011-4613 tracking bug	xorg (Ubuntu Oneiric)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.debian.org...
MISC: http://www.debian.org/...
MISC: http://www.ubuntu.com/...