CVE-2015-0255
xorg-x11-server: information leak in the XkbSetGeometry request of X servers
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 y 1.17.x anterior a 1.17.1 permite a atacantes remotos obtener información sensible de la memoria de procesos o causar una denegación de servicio (caída) a través de un valor de longitud de cadena manipulado en una solicitud XkbSetGeometry.
A buffer overflow flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request.
Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service. Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. This can lead to information disclosure issues, as well as possibly a denial of service if a similar request can cause the server to crash.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-11-18 CVE Reserved
- 2015-02-12 CVE Published
- 2024-08-06 CVE Updated
- 2025-07-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (15)
URL | Tag | Source |
---|---|---|
http://advisories.mageia.org/MGASA-2015-0073.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | X_refsource_confirm |
|
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | X_refsource_confirm |
|
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | X_refsource_confirm |
|
http://www.securityfocus.com/bid/72578 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10 | 2018-10-30 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html | 2018-10-30 | |
http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html | 2018-10-30 | |
http://rhn.redhat.com/errata/RHSA-2015-0797.html | 2018-10-30 | |
http://www.debian.org/security/2015/dsa-3160 | 2018-10-30 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 | 2018-10-30 | |
http://www.ubuntu.com/usn/USN-2500-1 | 2018-10-30 | |
https://security.gentoo.org/glsa/201504-06 | 2018-10-30 | |
https://access.redhat.com/security/cve/CVE-2015-0255 | 2015-04-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1189062 | 2015-04-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
X.org Search vendor "X.org" | Xorg-server Search vendor "X.org" for product "Xorg-server" | <= 1.16.3 Search vendor "X.org" for product "Xorg-server" and version " <= 1.16.3" | - |
Affected
| ||||||
X.org Search vendor "X.org" | Xorg-server Search vendor "X.org" for product "Xorg-server" | 1.17.0 Search vendor "X.org" for product "Xorg-server" and version "1.17.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
|