CVE-2013-1940

Published: 17 April 2013

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

Priority

Medium

Status

Package Release Status
xorg-server
Launchpad, Ubuntu, Debian
Upstream
Released (1.13.4)
Patches:
Other: https://bugs.freedesktop.org/attachment.cgi?id=77717
xorg-server-lts-quantal
Launchpad, Ubuntu, Debian
Upstream Needs triage