CVE-2013-4394

Name: CVE-2013-4394
Description: The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-2777-1
NVD severity: medium
Debian Bugs: 725357

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| systemd (PTS) | stretch | 232-25+deb9u12 | fixed |
| | stretch (security) | 232-25+deb9u13 | fixed |
| | buster, buster (security) | 241-7~deb10u8 | fixed |
| | bullseye | 247.3-6 | fixed |
| | bookworm, sid | 249.5-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| systemd | source | wheezy | 44-11+deb7u4 | | DSA-2777-1 | |
| systemd | source | (unstable) | 204-5 | | | 725357 |

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=862324
http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680
