CVE-2014-8101 – xorg-x11-server: out of bounds access due to not validating length or offset values in RandR extension
https://notcve.org/view.php?id=CVE-2014-8101
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. La extensión RandR en XFree86 4.2.0, X.Org X Window System (también conocido como X11 o X) X11R6.7, y X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 permite a usuarios remotos autenticados causar una denegación de servicio (lectura o escritura fuera de rango) o posiblemente ejecutar código arbitrario a través de una longitud manipulada o un valor de indice manipulado en la función (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, o (4) SProcRRConfigureOutputProperty. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71605 http://www.x.org/wiki/Development/Security/Advisory-2014-12-09 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2014-8091 – xorg-x11-server: denial of service due to unchecked malloc in client authentication
https://notcve.org/view.php?id=CVE-2014-8091
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. X.Org X Window System (también conocido como X11 and X) X11R5 y X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3, cuando utiliza las credenciales de autenticación SUN-DES-1 (Secure RPC), no compreuba el valor de retorno de una llamada malloc, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de servidor) a través de una solicitud de conexión manipulada. It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71597& • CWE-252: Unchecked Return Value •
CVE-2012-2118
https://notcve.org/view.php?id=CVE-2012-2118
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. Vulnerabilidad de formato de cadena en la función LogVHdrMessageVerb en OS/log.c en X11 X.Org v1.11 permite a atacantes provocar una denegación de servicio o posiblemente ejecutar código arbitrario mediante especificadores de formato de cadena en el nombre de un dispositivo de entrada. • http://patchwork.freedesktop.org/patch/10001 http://www.openwall.com/lists/oss-security/2012/04/18/8 http://www.openwall.com/lists/oss-security/2012/04/19/2 http://www.securityfocus.com/bid/53150 https://exchange.xforce.ibmcloud.com/vulnerabilities/74930 • CWE-20: Improper Input Validation •
CVE-2009-3100
https://notcve.org/view.php?id=CVE-2009-3100
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. xscreensaver (también conocido como Gnome-XScreenSaver) en Sun Solaris v9 y v10, OpenSolaris snv_109 hasta snv_122, y X11 v6.4.1 en Solaris 8 no maneja apropiadamente el soporte Accesibilidad, lo que permite a los usuarios locales causar una denegación de servicio (parada del sistema) cerrando la pantalla y logrando lanzar una venta emergente de Accesibilidad, relativa a una regresión en ciertos parches Solaris y OpenSolaris. • http://bugs.opensolaris.org/view_bug.do?bug_id=6839026 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266469-1 •
CVE-2009-2718 – JDK reposition of untrusted applet security icon in X11
https://notcve.org/view.php?id=CVE-2009-2718
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. La implementación de Abstract Window Toolkit (AWT) en Sun Java SE v6 anteriores a Update 15 para X11 no impone la restricción de distancia prevista desde el borde de la ventana al Security Warning Icon, facilitando a atacantes dependientes del contexto que engañen a un usuario para interactuar sin seguridad con un applet no confiable. • http://java.sun.com/javase/6/webnotes/6u15.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2718 https://bugzilla.redhat.com/show_bug.cgi?id=516815 • CWE-264: Permissions, Privileges, and Access Controls •