CVE-2011-4613
Published 2014-02-05
Priority P4 · 20 · medium · 4.6 CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.86% (54.0th percentile)
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | xorg | < xorg 1:7.6+10 (bookworm) | xorg 1:7.6+10 (bookworm) |
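CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 4.6 | MEDIUM | — |
| vendor_debian | — | 4.6 | LOW | — |
| vendor_redhat | — | 4.6 | MEDIUM | — |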
GHSA
GHSA-59qr-5c97-267m: The X
ghsa_unreviewed·2022-05-13
CVE-2011-4613 [MEDIUM] GHSA-59qr-5c97-267m: The X
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
OSV
CVE-2011-4613: The X
osv·2014-02-05·CVSS 4.6
CVE-2011-4613 [MEDIUM] CVE-2011-4613: The X
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Ubuntu
X.Org vulnerability
vendor_ubuntu·2012-01-26
CVE-2011-4613 X.Org vulnerability
Title: X.Org vulnerability
Summary: X could be made to start by a user who lacked appropriate permissions.
It was discovered that the X wrapper incorrectly checked certain console
permissions when launched by unprivileged users. An attacker connected
remotely could use this flaw to start X, bypassing the console permissions
check.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
xorg-x11-server: wrapper security bypass
vendor_redhat·2011-12-15·CVSS 4.6
CVE-2011-4613 [MEDIUM] xorg-x11-server: wrapper security bypass
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Package: xorg-x11-server (Red Hat Enterprise Linux 5) - Not affected
Package: xorg-x11-server (Red Hat Enterprise Linux 6) - Not affected
Package: xorg-x11-server (Red Hat Enterprise Linux 7) - Not affected
Package: xorg-x11-server (Red Hat Enterprise Linux 8) - Not affected
Package: xorg-x11-server (Red Hat Enterprise Linux 9) - Not affected
Debian
CVE-2011-4613: xorg - The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux doe...
vendor_debian·2011·CVSS 4.6
CVE-2011-4613 [MEDIUM] CVE-2011-4613: xorg - The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux doe...
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Scope: local
bookworm: resolved (fixed in 1:7.6+10)
bullseye: resolved (fixed in 1:7.6+10)
forky: resolved (fixed in 1:7.6+10)
sid: resolved (fixed in 1:7.6+10)
trixie: resolved (fixed in 1:7.6+10)
No detection rules found.
Bugzilla
CVE-2011-4613 xorg-x11-server: wrapper security bypass
bugzilla·2020-08-26·CVSS 4.6
CVE-2011-4613 [MEDIUM] CVE-2011-4613 xorg-x11-server: wrapper security bypass
The X.Org X wrapper (xserver-wrapper.c) in Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
Discussion:
Created xorg-x11-server tracking bugs for this issue:
Affects: fedora-all [bug 1872641]
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2011-4613
Bugzilla
CVE-2011-4613 xorg-x11-server: wrapper security bypass [fedora-all]
bugzilla·2020-08-26·CVSS 4.6
CVE-2011-4613 [MEDIUM] CVE-2011-4613 xorg-x11-server: wrapper security bypass [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora