CVE-2013-4394

high

Description

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

References

https://security.gentoo.org/glsa/201612-34

https://bugzilla.redhat.com/show_bug.cgi?id=862324

http://www.openwall.com/lists/oss-security/2013/10/01/9

http://www.debian.org/security/2013/dsa-2777

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357

Details

Source: Mitre, NVD

Published: 2013-10-28

Updated: 2022-01-31

Risk Information

CVSS v2

Base Score: 5.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High