CVE-2017-2624
Published: 1 March 2017
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
Notes
| Author | Note |
|---|---|
| tyhicks | 1.19.0 and lower are affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
xorg-server Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
| trusty |
Released
(2:1.15.1-0ubuntu2.9)
|
|
| upstream |
Released
(2:1.19.2-1)
|
|
| xenial |
Released
(2:1.18.4-0ubuntu0.3)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Not vulnerable
(2:1.19.3-1ubuntu1)
|
|
|
Patches: upstream: https://cgit.freedesktop.org/xorg/xserver/commit/?id=d7ac755f0b618eb1259d93c8a16ec6e39a18627c upstream: https://cgit.freedesktop.org/xorg/xserver/commit/?id=e9dbecf7c259f7e8b610fa93f97ea55f5dafa7af |
||
|
xorg-server-hwe-16.04 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2:1.18.4-1ubuntu6.1~16.04.2)
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
xorg-server-lts-quantal Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
xorg-server-lts-raring Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
xorg-server-lts-saucy Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
xorg-server-lts-trusty Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
xorg-server-lts-utopic Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
(trusty was ignored [end of life])
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
xorg-server-lts-vivid Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
(trusty was ignored [end of life])
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
xorg-server-lts-wily Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
(trusty was ignored [end of life])
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
xorg-server-lts-xenial Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Released
(2:1.18.3-1ubuntu2.3~trusty2)
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.0 |
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |