CVE-2020-14363 – libX11: integer overflow leads to double free in locale handling
https://notcve.org/view.php?id=CVE-2020-14363
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. Se encontró una vulnerabilidad de desbordamiento de enteros conllevando a una doble liberación en libX11. Este fallo permite a un atacante privilegiado local causar que una aplicación compilada con libX11 se bloquee o, en algunos casos, resulte en una ejecución de código arbitraria. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363 https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF https://lists.x.org/archives/xorg-announce/2020-August/003056.html https://usn.ubuntu.com/4487-2 https://access.redhat.com/security/cve/CVE-2020-14363 https://bugzilla.redhat.com • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free •
CVE-2020-14344 – libX11: Heap overflow in the X input method client
https://notcve.org/view.php?id=CVE-2020-14344
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. Se encontró un desbordamiento de enteros conllevando a un desbordamiento del búfer de la pila en el cliente X Input Method (XIM), se implementó en libX11 anterior a la versión 1.6.10. Según aguas arriba, esto es relevante para la seguridad cuando los programas setuid llaman a las funciones del cliente XIM mientras se ejecutan con privilegios elevados. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF https://lists.fedoraproject.org/ar • CWE-190: Integer Overflow or Wraparound •
CVE-2020-14347 – X.Org Server Pixel Data Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. Se encontró un fallo en la manera en que la memoria de xserver no fue inicializada apropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347 https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html https://lists.x.org/archives/xorg-announce/2020-July/003051.html https://security.gentoo.org/glsa/202012-01 https://usn.ubuntu.com/4488-1 https://usn.ubuntu.com/4488-2 https://www.debian.org/security • CWE-665: Improper Initialization •
CVE-2019-17624 – X.Org X Server 1.20.4 - Local Stack Overflow
https://notcve.org/view.php?id=CVE-2019-17624
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow. En X.Org X Server versión 1.20.4, se presenta un desbordamiento de búfer en la región stack de la memoria en la función XQueryKeymap. Por ejemplo, al enviar ct.c_char 1000 veces, un atacante puede causar una denegación de servicio (bloqueo de aplicación) o posiblemente tener otro impacto no especificado. • https://www.exploit-db.com/exploits/47507 http://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html https://www.x.org/releases/individual/xserver • CWE-787: Out-of-bounds Write •
CVE-2018-14665 – Xorg X11 Server (AIX) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-14665
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. Se ha descubierto un problema en versiones anteriores a la 1.20.3 de xorg-x11-server. Hay una comprobación incorrecta de permisos para las opciones -modulepath y -logfile al iniciar Xorg. • https://www.exploit-db.com/exploits/45938 https://www.exploit-db.com/exploits/45832 https://www.exploit-db.com/exploits/45922 https://www.exploit-db.com/exploits/45908 https://www.exploit-db.com/exploits/45697 https://www.exploit-db.com/exploits/45742 https://www.exploit-db.com/exploits/46142 https://www.exploit-db.com/exploits/47701 https://github.com/jas502n/CVE-2018-14665 https://github.com/bolonobolo/CVE-2018-14665 http://packetstormsecurity.com/files/154942/ • CWE-271: Privilege Dropping / Lowering Errors CWE-863: Incorrect Authorization •