Vulnerability identifier: #VU36813

Vulnerability risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2624

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Debian Linux
Operating systems & Components / Operating system

Vendor: Debian

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Debian Linux: 7.0

---

External links
http://www.securityfocus.com/bid/96480
http://www.securitytracker.com/id/1037919
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624
http://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c
http://lists.debian.org/debian-lts-announce/2017/11/msg00032.html
http://security.gentoo.org/glsa/201704-03
http://security.gentoo.org/glsa/201710-30
http://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.