oss-sec mailing list archives

CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8)


From: vladz <vladz () devzero fr>
Date: Thu, 15 Dec 2011 19:09:47 +0100

Hi,

On Debian systems, the X wrapper (/usr/bin/X) is a setuid-root binary that
checks for some security requirements before launching Xorg with root
privileges.  

By default, the wrapper's configuration file only allows users whose
controlling TTY is a console to start the X server, but it is possible to
bypass this restriction by connecting another file (with similar tty
properties) to standard input before launching the X wrapper.

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249

Could you allocate a CVE ID for this issue?

Thank you,
vladz.
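
The weakness reported above, as an added defensive sketch in C (not code from the post, the X wrapper, or the Debian fix): a check that trusts only the properties of whatever is attached to standard input, next to one that also requires the descriptor to be the caller's own controlling terminal. The function names and the virtual-console device range (major 4, minors 1 to 63 on Linux) are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <termios.h>
#include <unistd.h>

/* Assumption: Linux virtual consoles are char devices, major 4, minors 1..63. */
#define VC_MAJOR 4
#define VC_MINOR_MAX 63

/* Property-only check: passes for any descriptor that merely refers to a
 * console device, whoever that console belongs to. */
int looks_like_console(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))
        return 0;
    return major(st.st_rdev) == VC_MAJOR &&
           minor(st.st_rdev) >= 1 && minor(st.st_rdev) <= VC_MINOR_MAX;
}

/* Stricter check: the descriptor must also be a terminal that is the
 * controlling terminal of the caller's session. tcgetsid() fails when fd
 * is not the calling process's controlling terminal. */
int is_callers_console(int fd)
{
    pid_t sid;
    if (!looks_like_console(fd) || !isatty(fd))
        return 0;
    sid = tcgetsid(fd);
    return sid != (pid_t)-1 && sid == getsid(0);
}

/* Demonstration helper: open a path without acquiring it as a controlling
 * terminal and run the strict check. Returns -1 if the path cannot be opened. */
int check_path(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOCTTY), ok;
    if (fd < 0)
        return -1;
    ok = is_callers_console(fd);
    close(fd);
    return ok;
}

int main(void)
{
    printf("stdin: property-only=%d strict=%d\n",
           looks_like_console(STDIN_FILENO), is_callers_console(STDIN_FILENO));
    return 0;
}
```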

