CVE-2013-4394

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

Published: Oct 28, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-4394
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.9
AV:L/AC:H/Au:N/C:C/I:C/A:P

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
systemd_project / systemd	-	194
debian / debian_linux	7.0	7.0.x

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357
http://www.debian.org/security/2013/dsa-2777
http://www.openwall.com/lists/oss-security/2013/10/01/9
https://bugzilla.redhat.com/show_bug.cgi?id=862324
https://security.gentoo.org/glsa/201612-34

Vulnerability Database

289,689

CVE-2013-4394