
CVE-2021-31535

Status Candidate

Overview

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.

Related Files

Red Hat Security Advisory 2021-4326-02
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4326-02 - The libX11 packages contain the core X11 protocol client library.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-31535
SHA-256 | 588be64d8e7ec4bdf8a24e6b2c77f1d017d02fbecb3e24aafdf4e5c7fa435776

Red Hat Security Advisory 2021-3653-01
Posted Sep 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3653-01 - Red Hat Advanced Cluster Management 2.1.11 security fix and container updates are available.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-27777, CVE-2021-22555, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-23017, CVE-2021-29154, CVE-2021-29650, CVE-2021-31535, CVE-2021-32399, CVE-2021-36222, CVE-2021-3653, CVE-2021-37750
SHA-256 | 15f863255ce01b9af4125b6f699165597020889114335a232c7f75076dc7e35c

Red Hat Security Advisory 2021-3477-01
Posted Sep 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3477-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-22555, CVE-2021-31535, CVE-2021-32399, CVE-2021-3621, CVE-2021-3715
SHA-256 | 7dba6acf5672fd4d58b17b842295a37b3063e17a6e0780b04cab5d26aa25cbaf

Red Hat Security Advisory 2021-3454-01
Posted Sep 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3454-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.2 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-20149, CVE-2020-27777, CVE-2021-22543, CVE-2021-22555, CVE-2021-27218, CVE-2021-29154, CVE-2021-29650, CVE-2021-31535, CVE-2021-32399, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3609
SHA-256 | ededc503492f31daf90a74b29a6e64b1e7ee98978cd963f10901af9667484f8e

Red Hat Security Advisory 2021-3296-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3296-01 - The libX11 packages contain the core X11 protocol client library.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-31535
SHA-256 | d52b87f73fe8bb831cfd255ab88f72bc37708155589a1d69ea547970deb2853f

Debian Security Advisory 4920-1
Posted May 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4920-1 - Roman Fiedler reported that missing length validation in various functions provided by libx11, the X11 client-side library, allows injection of X11 protocol commands on X clients, leading to authentication bypass, denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, debian
advisories | CVE-2021-31535
SHA-256 | 4394a56178b38b24b98deb1792eadb7d5bae57faddf795c0673c26d8cf9b1b4f

Gentoo Linux Security Advisory 202105-16
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-16 - A vulnerability in the X.Org X11 library could lead to a Denial of Service condition. Versions less than 1.7.1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2021-31535
SHA-256 | c782923c3224316b278a0db42bce0cb143372e97e42719de4285694615e598f5

Ubuntu Security Notice USN-4966-2
Posted May 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4966-2 - USN-4966-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests. Various other issues were also addressed.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2021-31535
SHA-256 | e0eccd0078f94c572c12f091d36b0db2460e273ee382a10a61f2960180a695e1

Ubuntu Security Notice USN-4966-1
Posted May 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4966-1 - It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2021-31535
SHA-256 | c218883c87b526d953cc152b66ae5f7f3f3dd0c60ee2895bd3b91302f25f7885

libX11 Insufficient Length Check / Injection
Posted May 21, 2021
Authored by Roman Fiedler | Site unparalleled.eu

A missing length check in libX11 allows data from LookupColor requests to corrupt the client-server communication protocol and inject malicious X server requests.

tags | exploit, protocol
advisories | CVE-2021-31535
SHA-256 | 11761ba0cb40d006d1d9f835688853c9f235d462bc42a8503f286b6871a81294


packet storm

© 2022 Packet Storm. All rights reserved.
