Vulnerability identifier: #VU36813
Vulnerability risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Debian Linux
Operating systems & Components /
Operating system
Vendor: Debian
Description
The vulnerability allows a local authenticated user to execute arbitrary code.
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Debian Linux: 7.0
External links
http://www.securityfocus.com/bid/96480
http://www.securitytracker.com/id/1037919
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624
http://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c
http://lists.debian.org/debian-lts-announce/2017/11/msg00032.html
http://security.gentoo.org/glsa/201704-03
http://security.gentoo.org/glsa/201710-30
http://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.