CVE-2013-1940

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
xx.org-xserver
𝑥
≤ 1.13.3
xx.org-xserver
1.4.0
canonicalubuntu_linux
11.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xorg-server
bookworm
2:21.1.7-3+deb12u7
fixed
bookworm (security)
2:21.1.7-3+deb12u8
fixed
bullseye
2:1.20.11-1+deb11u13
fixed
bullseye (security)
2:1.20.11-1+deb11u14
fixed
sid
2:21.1.14-1
fixed
trixie
2:21.1.14-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xorg-server
hardy
ignored
lucid
Fixed 2:1.7.6-2ubuntu7.12
released
oneiric
Fixed 2:1.10.4-1ubuntu4.5
released
precise
Fixed 2:1.11.4-0ubuntu10.13
released
quantal
Fixed 2:1.13.0-0ubuntu6.2
released
xorg-server-lts-quantal
hardy
dne
lucid
dne
oneiric
dne
precise
Fixed 2:1.13.0-0ubuntu6.1~precise3
released
quantal
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
xorg-x11-server
suse enterprise desktop 15
1.19.6-6.19
fixed
suse enterprise sap 12 SP5
1.19.6-8.18
fixed
suse enterprise sap 15
1.19.6-6.19
fixed
suse enterprise server 12 SP5
1.19.6-8.18
fixed
suse enterprise server 15
1.19.6-6.19
fixed
xorg-x11-server-extra
suse enterprise desktop 15
1.19.6-6.19
fixed
suse enterprise sap 12 SP5
1.19.6-8.18
fixed
suse enterprise sap 15
1.19.6-6.19
fixed
suse enterprise server 12 SP5
1.19.6-8.18
fixed
suse enterprise server 15
1.19.6-6.19
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
xorg-x11-server-Xdmx
RHEL 6
0:1.13.0-23.el6
fixed
xorg-x11-server-Xephyr
RHEL 6
0:1.13.0-23.el6
fixed
xorg-x11-server-Xnest
RHEL 6
0:1.13.0-23.el6
fixed
xorg-x11-server-Xorg
RHEL 6
0:1.13.0-23.el6
fixed
xorg-x11-server-Xvfb
RHEL 6
0:1.13.0-23.el6
fixed
xorg-x11-server-common
RHEL 6
0:1.13.0-23.el6
fixed
xorg-x11-server-devel
RHEL 6
0:1.13.0-23.el6
fixed
xorg-x11-server-source
RHEL 6
0:1.13.0-23.el6
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.html
http://www.debian.org/security/2013/dsa-2661
http://www.openwall.com/lists/oss-security/2013/04/18/3
http://www.ubuntu.com/usn/USN-1803-1
https://bugs.freedesktop.org/show_bug.cgi?id=63353
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.html
http://www.debian.org/security/2013/dsa-2661
http://www.openwall.com/lists/oss-security/2013/04/18/3
http://www.ubuntu.com/usn/USN-1803-1
https://bugs.freedesktop.org/show_bug.cgi?id=63353