CVE-2013-1940 — X.org-xserver vulnerability

CWE-2649 documents8 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 76.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X X.org-xserver Canonical Ubuntu Linux

Timeline

PublishedMay 13

Latest updateMay 17

Description

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianx.org/xorg-server< 2:1.12.4-6+3

▶NVDx/x.org-xserver1.13.3+1

Also affects: Ubuntu Linux 11.04, 11.10, 12.04, 12.10

🔴Vulnerability Details

GHSA

GHSA-hmm5-mg2w-wrfw: X↗2022-05-17

▶

CVEList

CVE-2013-1940: X↗2013-05-13

▶

OSV

CVE-2013-1940: X↗2013-05-13

▶

📋Vendor Advisories

Red Hat

xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled↗2013-04-17

▶

Ubuntu

X.Org X server vulnerability↗2013-04-17

▶

Debian

CVE-2013-1940: xorg-server - X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict ...↗2013

▶

💬Community

Bugzilla

CVE-2013-1940 xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled [fedora-all]↗2013-04-17

▶

Bugzilla

CVE-2013-1940 xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled↗2013-04-10

▶