Vulnerability Description
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemd Project | Systemd | < 194 |
| Debian | Debian Linux | 7.0 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357Issue TrackingThird Party Advisory
- http://www.debian.org/security/2013/dsa-2777Third Party Advisory
- http://www.openwall.com/lists/oss-security/2013/10/01/9Mailing ListThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=862324Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/201612-34Third Party Advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357Issue TrackingThird Party Advisory
- http://www.debian.org/security/2013/dsa-2777Third Party Advisory
- http://www.openwall.com/lists/oss-security/2013/10/01/9Mailing ListThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=862324Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/201612-34Third Party Advisory
FAQ
What is CVE-2013-4394?
CVE-2013-4394 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the g...
How severe is CVE-2013-4394?
CVE-2013-4394 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4394?
Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd, Debian Debian Linux.