CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 2CVE-2017-2624 – X.org Privilege Escalation / Use-After-Free / Weak Entropy
https://notcve.org/view.php?id=CVE-2017-2624
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. Se ha encontrado que xorg-x11-server en versiones anteriores a la 1.19.0 que uttilizan memcmp() para comprobar la cookie MIT recibida contra una serie de cookies válidas. Si la cookie es correcta, se puede adjuntar a la sesión de Xorg. • http://www.securityfocus.com/bid/96480 http://www.securitytracker.com/id/1037919 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624 https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html https://security.gentoo.org/glsa/201704-03 https://security.gentoo.org/glsa/201710-30 https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3418
https://notcve.org/view.php?id=CVE-2015-3418
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. La función ProcPutImage en dix/dispatch.c en X.Org Server (también conocido como xserver y xorg-server) en versiones anteriores a 1.16.4 permite a atacantes provocar una denegación de servicio (división por cero y caída) a través de una solicitud PutImage de altura cero. • http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/74328 https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b https://lists.x.org/archives/xorg-announce/2015-February/002532.html https://security.gentoo.org/glsa/201701-64 • CWE-369: Divide By Zero •
CVSS: 6.4EPSS: 7%CPEs: 4EXPL: 0CVE-2015-0255 – xorg-x11-server: information leak in the XkbSetGeometry request of X servers
https://notcve.org/view.php?id=CVE-2015-0255
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 y 1.17.x anterior a 1.17.1 permite a atacantes remotos obtener información sensible de la memoria de procesos o causar una denegación de servicio (caída) a través de un valor de longitud de cadena manipulado en una solicitud XkbSetGeometry. A buffer overflow flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. • http://advisories.mageia.org/MGASA-2015-0073.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html http://rhn.redhat.com/errata/RHSA-2015-0797.html http://www.debian.org/security/2015/dsa-3160 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html ht • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 6%CPEs: 2EXPL: 0CVE-2014-8091 – xorg-x11-server: denial of service due to unchecked malloc in client authentication
https://notcve.org/view.php?id=CVE-2014-8091
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. X.Org X Window System (también conocido como X11 and X) X11R5 y X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3, cuando utiliza las credenciales de autenticación SUN-DES-1 (Secure RPC), no compreuba el valor de retorno de una llamada malloc, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de servidor) a través de una solicitud de conexión manipulada. It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/71597& • CWE-252: Unchecked Return Value •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8092 – xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
https://notcve.org/view.php?id=CVE-2014-8092
Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. Múltiples desbordamientos de enteros en X.Org X Window System (también conocido como X11 o X) X11R1 y X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 permiten a usuarios remotos autenticados causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una solicitud manipulada en la función (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, o (4) REQUEST_FIXED_SIZE, lo que provoca una lectura o escritura fuera de rango. Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. • http://advisories.mageia.org/MGASA-2014-0532.html http://secunia.com/advisories/61947 http://secunia.com/advisories/62292 http://www.debian.org/security/2014/dsa-3095 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •