10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.02 Low
EPSS
Percentile
88.6%
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c
in X.Org X11 1.11 allows attackers to cause a denial of service or possibly
execute arbitrary code via format string specifiers in an input device
name.
Author | Note |
---|---|
jdstrand | Reducing priority because we build with -D_FORTIFY_SOURCE=2 and as of USN-1396-1, Ubuntu’s glibc is patched to fix (CVE-2012-0864), so this is reduced to a denial of service. per upstream, only 1.10 and higher are affected: http://lists.x.org/pipermail/xorg-devel/2012-May/031411.html |
sbeattie | with experimentation, was not able to cause the 1.10 server to crash in natty and oneiric, marking those not-affected |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | xorg-server | < 2:1.11.4-0ubuntu10.5 | UNKNOWN |