CVE-2012-0064
First published: Thu Jan 19 2012(Updated: )
It was found that XKB actions for debugging X.org clients were enabled by default. This could cause a screen locking application such as gnome-screensaver to be killed when those key combinations were triggered. The debugging key actions were introduced in the following commit: <a href="http://cgit.freedesktop.org/xorg/xserver/commit/?id=7d2543a3cb3089241982ce4f8984fd723d5312a1">http://cgit.freedesktop.org/xorg/xserver/commit/?id=7d2543a3cb3089241982ce4f8984fd723d5312a1</a> Reference: <a href="http://thread.gmane.org/gmane.comp.security.oss.general/6725">http://thread.gmane.org/gmane.comp.security.oss.general/6725</a> Mitigation: <a href="http://thread.gmane.org/gmane.comp.security.oss.general/6725/focus=6731">http://thread.gmane.org/gmane.comp.security.oss.general/6725/focus=6731</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X X.org X11 | <=7.5 | |
| X X.org X11 | =1.0 | |
| X X.org X11 | =3.0 | |
| X X.org X11 | =4.0 | |
| X X.org X11 | =5.0 | |
| X X.org X11 | =6.0 | |
| X X.org X11 | =6.1 | |
| X X.org X11 | =6.3 | |
| X X.org X11 | =6.4 | |
| X X.org X11 | =6.5.1 | |
| X X.org X11 | =6.6 | |
| X X.org X11 | =6.7 | |
| X X.org X11 | =6.8 | |
| X X.org X11 | =6.8.1 | |
| X X.org X11 | =6.8.2 | |
| X X.org X11 | =6.9.0 | |
| X X.org X11 | =7.0 | |
| X X.org X11 | =7.1 | |
| X X.org X11 | =7.2 | |
| X X.org X11 | =7.3 | |
| X X.org X11 | =7.4 | |
| X X.org X11 | =7.5 | |
| Xkeyboard Config Project Xkeyboard-config | <=2.4 | |
| Xkeyboard Config Project Xkeyboard-config | =2.0 | |
| Xkeyboard Config Project Xkeyboard-config | =2.1 | |
| Xkeyboard Config Project Xkeyboard-config | =2.2 | |
| Xkeyboard Config Project Xkeyboard-config | =2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/
- http://lists.x.org/archives/xorg-announce/2012-January/001797.html
- http://lists.x.org/archives/xorg-devel/2012-January/028691.html
- http://securitytracker.com/id?1026549
- http://who-t.blogspot.com/2012/01/xkb-breaking-grabs-cve-2012-0064.html
- http://www.openwall.com/lists/oss-security/2012/01/19/6
- http://www.osvdb.org/78445
- http://www.x.org/wiki/Development/Security/
- https://bugzilla.redhat.com/show_bug.cgi?id=783039
- http://cgit.freedesktop.org/xorg/xserver/commit/?id=7d2543a3cb3089241982ce4f8984fd723d5312a1
- http://thread.gmane.org/gmane.comp.security.oss.general/6725
- http://thread.gmane.org/gmane.comp.security.oss.general/6725/focus=6731
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=783044
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=783261
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=783382
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=783039#c13
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=783039#c14
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=783039#c16
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-0064
- agent/tags
- agent/trending
- vendor/x
- canonical/x x.org x11
- version/x x.org x11/7.5
- version/x x.org x11/1.0
- version/x x.org x11/3.0
- version/x x.org x11/4.0
- version/x x.org x11/5.0
- version/x x.org x11/6.0
- version/x x.org x11/6.1
- version/x x.org x11/6.3
- version/x x.org x11/6.4
- version/x x.org x11/6.5.1
- version/x x.org x11/6.6
- version/x x.org x11/6.7
- version/x x.org x11/6.8
- version/x x.org x11/6.8.1
- version/x x.org x11/6.8.2
- version/x x.org x11/6.9.0
- version/x x.org x11/7.0
- version/x x.org x11/7.1
- version/x x.org x11/7.2
- version/x x.org x11/7.3
- version/x x.org x11/7.4
- vendor/xkeyboard config project
- canonical/xkeyboard config project xkeyboard-config
- version/xkeyboard config project xkeyboard-config/2.4
- version/xkeyboard config project xkeyboard-config/2.0
- version/xkeyboard config project xkeyboard-config/2.1
- version/xkeyboard config project xkeyboard-config/2.2
- version/xkeyboard config project xkeyboard-config/2.3