oss-sec mailing list archives
CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8)
From: vladz <vladz () devzero fr>
Date: Thu, 15 Dec 2011 19:09:47 +0100
Hi, On Debian systems, the X wrapper (/usr/bin/X) is a setuid-root binary that checks for some security requirements before launching Xorg with root privileges. By default, the wrapper's configuration file only allows users whose controlling TTY (console) to start the X server, but it is possible to bypass this restriction by connecting another file (with similar tty properties) to standard input before launching the X wrapper. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249 Could you allocate CVE id for this issue? Thank you, vladz.
Current thread:
- CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) vladz (Dec 15)
- Re: CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) Kurt Seifried (Dec 15)