CVE-2013-4394

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

CVSS v2.0 5.9 MEDIUM

5.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:P

Exploitability : 1.9 / Impact : 9.5

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=862324	Issue Tracking Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/10/01/9	Mailing List Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357	Issue Tracking Third Party Advisory
http://www.debian.org/security/2013/dsa-2777	Third Party Advisory
https://security.gentoo.org/glsa/201612-34	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Information

Published : 2013-10-28 15:55

Updated : 2022-01-31 09:50

NVD link : CVE-2013-4394

Mitre link : CVE-2013-4394

JSON object : View

CWE

CWE-276

Incorrect Default Permissions

Products Affected

debian

debian_linux

systemd_project

systemd

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=862324", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=862324", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2013/10/01/9", "name": "[oss-security] 20131001 Re: [CVE request] systemd", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2013/dsa-2777", "name": "DSA-2777", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://security.gentoo.org/glsa/201612-34", "name": "GLSA-201612-34", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving \"special and control characters.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-276"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-4394", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:P", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 9.5, "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-10-28T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "194"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-01-31T17:50Z"}

5.9 /10