CVSS3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
EPSS Percentile: 95.1%
Software: tigervnc 1.8.0
OS: rosa-server79
package_evr_string: tigervnc-1.8.0-22
CVE-ID: CVE-2022-4283
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory accesses on subsequent XkbGetKbdByName requests. This issue can lead to local privilege escalation on systems where the X server runs privileged, and to remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it
CVE-ID: CVE-2022-46340
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the swap handler for the XTest extension's XTestFakeInput request can corrupt the stack if GenericEvents with lengths greater than 32 bytes are sent via an XTestFakeInput request. This issue can lead to local privilege escalation on systems where the X server runs privileged, and to remote code execution for ssh X forwarding sessions. This issue does not affect systems where the client and server use the same byte order.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it
CVE-ID: CVE-2022-46341
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XIPassiveUngrab request handler accesses out-of-bounds memory when called with a high keycode or button code. This issue could lead to local privilege escalation on systems where the X server runs privileged, and to remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it
CVE-ID: CVE-2022-46342
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XvdiSelectVideoNotify request handler can perform writes to memory after it has been freed. This issue could lead to local privilege escalation on systems where the X server runs privileged, and to remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update command
CVE-ID: CVE-2022-46343
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the ScreenSaverSetAttributes request handler can perform writes to memory after it has been freed. This issue could lead to local privilege escalation on systems where the X server runs privileged, and to remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update command
CVE-ID: CVE-2022-46344
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. This security flaw occurs because the XIChangeProperty request handler has issues with length validation, resulting in out-of-bounds memory reads and potential information disclosure. This issue could lead to local privilege escalation on systems where the X server runs privileged, and to remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: Run the yum update command to close it