CVE-2013-1940

low

Description

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html

http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.html

http://www.debian.org/security/2013/dsa-2661

http://www.openwall.com/lists/oss-security/2013/04/18/3

http://www.ubuntu.com/usn/USN-1803-1

https://bugs.freedesktop.org/show_bug.cgi?id=63353

Details

Source: MITRE

Published: 2013-05-13

Updated: 2013-06-21

Type: CWE-264

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

ID | Name | Product | Family | Severity
83587 | SUSE SLED10 / SLES10 Security Update : xorg-x11-server (SUSE-SU-2013:0857-1) | Nessus | SuSE Local Security Checks | low
79168 | CentOS 6 : xorg-x11-server (CESA-2013:1620) | Nessus | CentOS Local Security Checks | low
74992 | openSUSE Security Update : xorg-x11-server (openSUSE-SU-2013:0937-1) | Nessus | SuSE Local Security Checks | low
74028 | GLSA-201405-07 : X.Org X Server: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium
71400 | Amazon Linux AMI : xorg-x11-server (ALAS-2013-260) | Nessus | Amazon Linux Local Security Checks | low
71302 | Scientific Linux Security Update : xorg-x11-server on SL6.x i386/x86_64 (20131121) | Nessus | Scientific Linux Local Security Checks | low
71130 | Oracle Linux 6 : xorg-x11-server (ELSA-2013-1620) | Nessus | Oracle Linux Local Security Checks | low
71011 | RHEL 6 : xorg-x11-server (RHSA-2013:1620) | Nessus | Red Hat Local Security Checks | low
67345 | Fedora 17 : xorg-x11-server-1.12.4-7.fc17 (2013-5967) | Nessus | Fedora Local Security Checks | low
66803 | SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 8561) | Nessus | SuSE Local Security Checks | low
66801 | SuSE 11.2 Security Update : Xorg (SAT Patch Number 7761) | Nessus | SuSE Local Security Checks | low
66258 | Fedora 19 : xorg-x11-server-1.14.0-6.fc19 (2013-5883) | Nessus | Fedora Local Security Checks | low
66167 | Fedora 18 : xorg-x11-server-1.13.3-3.fc18 (2013-5928) | Nessus | Fedora Local Security Checks | low
66158 | Slackware 13.37 / 14.0 / current : xorg-server (SSA:2013-109-01) | Nessus | Slackware Local Security Checks | low
66022 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : xorg-server, xorg-server-lts-quantal vulnerability (USN-1803-1) | Nessus | Ubuntu Local Security Checks | low
66004 | Debian DSA-2661-1 : xorg-server - information disclosure | Nessus | Debian Local Security Checks | low