Showing 1 - 4 of 4

CVE-2017-2624

Status Candidate

Overview

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.

Related Files

Gentoo Linux Security Advisory 201710-30: Posted Oct 30, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201710-30 - Multiple vulnerabilities have been found in X.Org Server the worst of which could allow a local attacker to replace shared memory segments. Versions less than 1.19.4 are affected.; tags | advisory, local, vulnerability; systems | linux, gentoo; advisories | CVE-2013-6424, CVE-2017-13721, CVE-2017-13723, CVE-2017-2624; SHA-256 | 63eddffde35de0427f38fd9d9a39600951883ee472d11a47f0c8ae006c4c1d75; Download | Favorite | View

Ubuntu Security Notice USN-3362-1: Posted Jul 24, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3362-1 - It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code as an administrator. It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. Various other issues were also addressed.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2017-10971, CVE-2017-10972, CVE-2017-2624; SHA-256 | 56b068bc59fd1a458b3be77ea77eeae726c0089dc065eed37fd85b7b8f25855e; Download | Favorite | View

Gentoo Linux Security Advisory 201704-03: Posted Apr 11, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201704-3 - Multiple vulnerabilities have been found in X.Org server and libraries, the worse of which allowing local attackers to execute arbitrary code. Versions less than 1.19.2 are affected.; tags | advisory, arbitrary, local, vulnerability; systems | linux, gentoo; advisories | CVE-2016-5407, CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7953, CVE-2017-2624, CVE-2017-2625, CVE-2017-2626; SHA-256 | b651dfb5c88b536bb774bed091405ef39ff35e25a8d671b35af02c5805d32f09; Download | Favorite | View

X.org Privilege Escalation / Use-After-Free / Weak Entropy: Posted Mar 1, 2017; Authored by Eric Sesterhenn; X.org suffers from privilege escalation, weak entropy, and use-after-free vulnerabilities.; tags | exploit, vulnerability; advisories | CVE-2017-2624, CVE-2017-2625, CVE-2017-2626; SHA-256 | f72f05abe9036269c3ae97121d5341b234d6db2cbe445c9d8643a82f22648e4d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 305 files
Ubuntu 67 files
Debian 23 files
Gentoo 8 files
LiquidWorm 6 files
Apple 5 files
Google Security Research 5 files
Spencer McIntyre 3 files
Ivan Fratric 3 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

CVE-2017-2624

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems