CVE-2013-4394

NameCVE-2013-4394
DescriptionThe SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2777-1
Debian Bugs725357

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
systemd (PTS)jessie, jessie (lts)215-17+deb8u15fixed
stretch (security)232-25+deb9u14fixed
stretch (lts), stretch232-25+deb9u17fixed
buster, buster (lts)241-7~deb10u11fixed
buster (security)241-7~deb10u10fixed
bullseye247.3-7+deb11u5fixed
bullseye (security)247.3-7+deb11u6fixed
bookworm252.30-1~deb12u2fixed
sid, trixie256.7-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
systemdsourcewheezy44-11+deb7u4DSA-2777-1
systemdsource(unstable)204-5725357

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=862324
http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680

Search for package or bug name: Reporting problems