CVE-2017-13721
https://notcve.org/view.php?id=CVE-2017-13721
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
• http://www.debian.org/security/2017/dsa-4000
• http://www.openwall.com/lists/oss-security/2017/10/04/10
• http://www.securityfocus.com/bid/101238
• https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1
• https://lists.x.org/archives/xorg-announce/2017-October/002808.html
• https://security.gentoo.org/glsa/201710-30
• CWE-269: Improper Privilege Management
CVE-2017-10972
https://notcve.org/view.php?id=CVE-2017-10972
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
• http://www.debian.org/security/2017/dsa-3905
• http://www.securityfocus.com/bid/99543
• https://bugzilla.suse.com/show_bug.cgi?id=1035283
• https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
• CWE-665: Improper Initialization
CVE-2017-10971
https://notcve.org/view.php?id=CVE-2017-10971
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
• http://www.debian.org/security/2017/dsa-3905
• http://www.securityfocus.com/bid/99546
• https://bugzilla.suse.com/show_bug.cgi?id=1035283
• https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
• https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
• https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2624 – X.org Privilege Escalation / Use-After-Free / Weak Entropy
https://notcve.org/view.php?id=CVE-2017-2624
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
• http://www.securityfocus.com/bid/96480
• http://www.securitytracker.com/id/1037919
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624
• https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c
• https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html
• https://security.gentoo.org/glsa/201704-03
• https://security.gentoo.org/glsa/201710-30
• https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-385: Covert Timing Channel
CVE-2015-3418
https://notcve.org/view.php?id=CVE-2015-3418
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
• http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
• http://www.securityfocus.com/bid/74328
• https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
• https://lists.x.org/archives/xorg-announce/2015-February/002532.html
• https://security.gentoo.org/glsa/201701-64
• CWE-369: Divide By Zero