Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArch LinuxASA-201502-11
HistoryFeb 10, 2015 - 12:00 a.m.

xorg-server: information leak and denial of service

2015-02-1000:00:00
Arch Linux
lists.archlinux.org
19

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.079 Low

EPSS

Percentile

93.5%

JSON

Olivier Fourdan from Red Hat has discovered a protocol handling issue in
the way the X server code base handles the XkbSetGeometry request.

The issue stems from the server trusting the client to send valid string
lengths in the request data. A malicious client with string lengths
exceeding the request length can cause the server to copy adjacent
memory data into the XKB structs. This data is then available to the
client via the XkbGetGeometry request.
The data length is at least up to 64k, it is possible to obtain more
data by chaining strings, each string length is then determined by
whatever happens to be in that 16-bit region of memory.

A similarly crafted request can likely cause the X server to crash.

OSVersionArchitecturePackageVersionFilename
anyanyanyxorg-server< 1.16.4-1UNKNOWN

Related

nessus 32
mageia 2
osv 3
securityvulns 5
ubuntucve 2
openvas 34
cve 2
debiancve 2
oraclelinux 1
centos 1
archlinux 1
ubuntu 3
prion 2
gentoo 3
cloudfoundry 1
redhat 1
freebsd 1
debian 4
altlinux 1
veracode 1
amazon 1
ibm 1
photon 2
fedora 5
kaspersky 1
suse 2
oracle 1
nessus
nessus
GLSA-201503-02 : D-Bus: Denial of Service
2015-03-09 00:00:00
GLSA-201701-20 : D-Bus: Format string vulnerability
2017-01-12 00:00:00
openSUSE Security Update : xorg-x11-server (openSUSE-2015-169)
2015-02-23 00:00:00
mageia
mageia
Updated dbus packages fix security vulnerabilities
2015-02-17 21:38:13
Updated x11-server packages fix CVE-2015-0255
2015-02-17 21:38:13
osv
osv
xorg-server - security update
2015-02-11 00:00:00
dbus - security update
2015-02-11 00:00:00
vnc4 vulnerabilities
2021-03-15 20:16:26
securityvulns
securityvulns
[SECURITY] [DSA 3160-1] xorg-server security update
2015-02-16 00:00:00
dbus DoS
2015-02-16 00:00:00
[SECURITY] [DSA 3161-1] dbus security update
2015-02-16 00:00:00
ubuntucve
ubuntucve
CVE-2015-0255
2015-02-11 00:00:00
CVE-2015-0245
2015-02-13 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0073)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0403-1)
2021-04-19 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-519)
2015-09-08 00:00:00
cve
cve
CVE-2015-0255
2015-02-13 15:59:00
CVE-2015-0245
2015-02-13 15:59:00
debiancve
debiancve
CVE-2015-0245
2015-02-13 15:59:00
CVE-2015-0255
2015-02-13 15:59:00
oraclelinux
oraclelinux
xorg-x11-server security update
2015-04-09 00:00:00
centos
centos
xorg security update
2015-04-10 12:06:39
archlinux
archlinux
dbus: denial of service
2015-02-10 00:00:00
ubuntu
ubuntu
DBus vulnerabilities
2016-11-01 00:00:00
VNC4 vulnerabilities
2021-03-15 00:00:00
X.Org X server vulnerabilities
2015-02-17 00:00:00
prion
prion
Race condition
2015-02-13 15:59:00
Design/Logic Flaw
2015-02-13 15:59:00
gentoo
gentoo
D-Bus: Format string vulnerability
2017-01-11 00:00:00
D-Bus: Denial of service
2015-03-07 00:00:00
X.Org X Server: Multiple vulnerabilities
2015-04-17 00:00:00
cloudfoundry
cloudfoundry
USN-3116-1: DBus vulnerabilities | Cloud Foundry
2016-12-14 00:00:00
redhat
redhat
(RHSA-2015:0797) Moderate: xorg-x11-server security update
2015-04-10 00:00:00
freebsd
freebsd
xorg-server -- Information leak in the XkbSetGeometry request of X servers.
2015-02-10 00:00:00
debian
debian
[SECURITY] [DSA 3161-1] dbus security update
2015-02-11 20:39:05
[SECURITY] [DSA 3161-1] dbus security update
2015-02-11 20:39:05
[SECURITY] [DLA 218-1] xorg-server security update
2015-05-01 10:55:08
altlinux
altlinux
Security fix for the ALT Linux 7 package dbus version 1.6.30-alt1.M70P.1
2016-10-11 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:05:28
amazon
amazon
Medium: xorg-x11-server
2015-05-05 15:55:00
ibm
ibm
Security Bulletin: TSSC/IMC is affected by vulnerability for xorg-x11-server (CVE-2015-0255)
2018-06-18 00:09:39
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0249
2019-09-03 00:00:00
Important Photon OS Security Update - PHSA-2019-0249
2019-09-03 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: dbus-1.8.16-1.fc21
2015-02-16 03:26:31
[SECURITY] Fedora 20 Update: dbus-1.6.30-1.fc20
2015-02-19 18:01:40
[SECURITY] Fedora 20 Update: nx-libs-3.5.0.29-1.fc20
2015-03-26 21:29:40
kaspersky
kaspersky
KLA10630 Multiple vulnerabilities in Oracle VM VirtualBox
2015-07-14 00:00:00
suse
suse
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.079 Low

EPSS

Percentile

93.5%

JSON
Related for ASA-201502-11
nessus32mageia2osv3securityvulns5ubuntucve2openvas34cve2debiancve2oraclelinux1centos1archlinux1ubuntu3prion2gentoo3cloudfoundry1redhat1freebsd1debian4altlinux1veracode1amazon1ibm1photon2fedora5kaspersky1suse2oracle1