CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 2CVE-2017-2624 – X.org Privilege Escalation / Use-After-Free / Weak Entropy
https://notcve.org/view.php?id=CVE-2017-2624
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. Se ha encontrado que xorg-x11-server en versiones anteriores a la 1.19.0 que uttilizan memcmp() para comprobar la cookie MIT recibida contra una serie de cookies válidas. Si la cookie es correcta, se puede adjuntar a la sesión de Xorg. • http://www.securityfocus.com/bid/96480 http://www.securitytracker.com/id/1037919 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624 https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html https://security.gentoo.org/glsa/201704-03 https://security.gentoo.org/glsa/201710-30 https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 3.6EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3164
https://notcve.org/view.php?id=CVE-2015-3164
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. La configuración de la autenticación en XWayland 1.16.x y 1.17.x anterior a 1.17.2 arranca el servidor en el modo de no autenticación, lo que permite a usuarios locales leer en o enviar información a clientes X11 arbitrarios a través de vectores que involucran un socket UNIX. • http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html http://www.securityfocus.com/bid/75535 https://security.gentoo.org/glsa/201701-64 • CWE-264: Permissions, Privileges, and Access Controls •