CVE-2013-4394

CWE-276 — Incorrect Default Permissions7 documents7 sources

Severity

5.9MEDIUM

EPSS

0.1%

top 70.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Systemd Project Systemd Debian Debian Linux

Timeline

PublishedOct 28

Latest updateMay 13

Description

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

CVSS vector

AV:L/AC:H/C:C/I:C/A:PExploitability: 1.9 | Impact: 9.5

Affected Packages2 packages

▶NVDsystemd_project/systemd< 194

▶Debiansystemd< 204-5+3

Also affects: Debian Linux 7.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-9f9x-pxgv-c6qg: The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB↗2022-05-13

▶

CVEList

CVE-2013-4394: The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB↗2013-10-28

▶

OSV

CVE-2013-4394: The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB↗2013-10-28

▶

📋Vendor Advisories

Red Hat

systemd: Improper sanitization of invalid XKB layouts descriptions (privilege escalation when custom PolicyKit local authority file used)↗2013-09-23

▶

Debian

CVE-2013-4394: systemd - The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is...↗2013

▶

💬Community

Bugzilla

CVE-2013-4394 systemd: Improper sanitization of invalid XKB layouts descriptions (privilege escalation when custom PolicyKit local authority file used)↗2012-10-02

▶