CVE-2020-14345 – X.Org Server XkbSetNames Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-14345
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en X.Org Server versiones anteriores a xorg-x11-server 1.20.9. Un acceso fuera de límites en la función XkbSetNames puede conllevar a una vulnerabilidad de escalada de privilegios. • http://www.openwall.com/lists/oss-security/2021/01/15/1 https://bugzilla.redhat.com/show_bug.cgi?id=1862241 https://lists.x.org/archives/xorg-announce/2020-August/003058.html https://security.gentoo.org/glsa/202012-01 https://usn.ubuntu.com/4488-2 https://usn.ubuntu.com/4490-1 https://www.zerodayinitiative.com/advisories/ZDI-20-1416 https://access.redhat.com/security/cve/CVE-2020-14345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-17624 – X.Org X Server 1.20.4 - Local Stack Overflow
https://notcve.org/view.php?id=CVE-2019-17624
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow. En X.Org X Server versión 1.20.4, se presenta un desbordamiento de búfer en la región stack de la memoria en la función XQueryKeymap. Por ejemplo, al enviar ct.c_char 1000 veces, un atacante puede causar una denegación de servicio (bloqueo de aplicación) o posiblemente tener otro impacto no especificado. • https://www.exploit-db.com/exploits/47507 http://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html https://www.x.org/releases/individual/xserver • CWE-787: Out-of-bounds Write •
CVE-2011-4029 – X.Org xorg 1.4 < 1.11.2 - File Permission Change
https://notcve.org/view.php?id=CVE-2011-4029
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. La función LockServer en os/utils.c en xserver X.Org antes de v1.11.2 permite a los usuarios locales cambiar los permisos de archivos de su elección a 444, leer los archivos, y posiblemente causar una denegación de servicio (por permiso retirado de ejecución) a través de un ataque de enlace simbólico a un archivo de bloqueo temporal. • https://www.exploit-db.com/exploits/18040 http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4 http://lists.freedesktop.org/archives/xorg/2011-October/053680.html http://rhn.redhat.com/errata/RHSA-2012-0939.html http://secunia.com/advisories/46460 http://secunia.com/advisories/49579 https://access.redhat.com/security/cve/CVE-2011-4029 https://bugzilla.redhat.com/show_bug.cgi?id=745024 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2011-4028 – xorg-x11-server: File existence disclosure vulnerability
https://notcve.org/view.php?id=CVE-2011-4028
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. La función LockServer en os/utils.c en xserver X.Org antes de v1.11.2 permite a los usuarios locales determinar la existencia de archivos (de su elección) a través de un ataque de enlace simbólico en un archivo de bloqueo temporal, que se maneja de manera diferente si el archivo existe. • http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34 http://lists.freedesktop.org/archives/xorg/2011-October/053680.html http://rhn.redhat.com/errata/RHSA-2012-0939.html http://secunia.com/advisories/46460 http://secunia.com/advisories/49579 https://access.redhat.com/security/cve/CVE-2011-4028 https://bugzilla.redhat.com/show_bug.cgi?id=745755 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. La extensión XInput de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante peticiones relativas al intercambio de bytes y corrupción de cabecera dentro d múltiples funciones, vulnerabilidad distinta de CVE-2007-4990. • http://bugs.gentoo.org/show_bug.cgi?id=204362 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html http://lists.opensuse.org/ope • CWE-787: Out-of-bounds Write •