SecurityTracker.com
Category:   Application (Generic)  >   X
Vendors:   X.org
(Ubuntu Issues Fix) X Multiple Memory Corruption Flaws Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1031328
SecurityTracker URL:  http://securitytracker.com/id/1031328
CVE Reference:   CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103
Date:  Dec 10 2014
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to server version 1.17
Description:   Multiple vulnerabilities were reported in X. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

A remote X client can send specially crafted data to trigger a memory corruption error and execute arbitrary code on the target X server or cause the target X server to crash. The code will run with the privileges of the target X server.

On systems built with support for SUN-DES-1 (Secure RPC), a memory allocation error in client authentication may occur [CVE-2014-8091].

A remote authenticated X client can trigger an integer overflow in ProcPutImage(), GetHosts(), RegionSizeof(), and REQUEST_FIXED_SIZE() [CVE-2014-8092].

An integer overflow may occur in several GLX extension functions [CVE-2014-8093].

An integer overflow may occur in the DRI2 extension ProcDRI2GetBuffers() function [CVE-2014-8094].

A remote authenticated X client can trigger an out-of-bounds memory read or write in several XInput extension functions [CVE-2014-8095].

A remote authenticated X client can trigger an out-of-bounds memory read or write in the XC-MISC extension SProcXCMiscGetXIDList() function [CVE-2014-8096].

A remote authenticated X client can trigger an out-of-bounds memory read or write in the DBE extension ProcDbeSwapBuffers() and SProcDbeSwapBuffers() functions [CVE-2014-8097].

A remote authenticated X client can trigger an out-of-bounds memory read or write in several GLX extension functions [CVE-2014-8098].

A remote authenticated X client can trigger an out-of-bounds memory read or write in several XVideo extension functions [CVE-2014-8099].

A remote authenticated X client can trigger an out-of-bounds memory read or write in several Render extension functions [CVE-2014-8100].

A remote authenticated X client can trigger an out-of-bounds memory read or write in the RandR extension SProcRRQueryVersion(), SProcRRGetScreenInfo(), SProcRRSelectInput(), and SProcRRConfigureOutputProperty() functions [CVE-2014-8101].

A remote authenticated X client can trigger an out-of-bounds memory read or write in the XFixes extension SProcXFixesSelectSelectionInput() function [CVE-2014-8102].

A remote authenticated X client can trigger an out-of-bounds memory read or write in several DRI3 and Present extension functions [CVE-2014-8103].
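The integer overflow class listed under CVE-2014-8092 for length checks such as REQUEST_FIXED_SIZE() can be illustrated with a simplified model; this is an added example, not X.Org source code. The function names, the 8-byte header size and the sample values are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define HDR_BYTES 8u /* assumed fixed request header size in bytes */

/* Weak form: "header + n + padding" is computed in 32 bits. A very large
 * client-supplied n wraps the sum, so it can still equal a small declared
 * request length (counted in 4-byte words) and pass the check. */
int fixed_size_ok_weak(uint32_t req_len_words, uint32_t n)
{
    if ((HDR_BYTES >> 2) > req_len_words)
        return 0;                       /* request shorter than its header */
    return ((HDR_BYTES + n + 3u) >> 2) == req_len_words;
}

/* Hardened form: reject any n that cannot fit in the declared length,
 * then do the arithmetic in 64 bits so the sum cannot wrap. */
int fixed_size_ok_hardened(uint32_t req_len_words, uint32_t n)
{
    if ((HDR_BYTES >> 2) > req_len_words)
        return 0;
    if ((n >> 2) >= req_len_words)
        return 0;                       /* n alone exceeds the request */
    return (((uint64_t)HDR_BYTES + n + 3u) >> 2) == req_len_words;
}

int main(void)
{
    /* Constructed inputs: {declared length in words, variable byte count} */
    const uint32_t cases[][2] = {
        { 3u, 4u },          /* consistent request: 8 + 4 bytes, 3 words */
        { 2u, 0xFFFFFFFDu }, /* sum wraps to 8 bytes in 32-bit arithmetic */
        { 3u, 40u },         /* plainly inconsistent length */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("req_len=%u n=0x%08x weak=%d hardened=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               fixed_size_ok_weak(cases[i][0], cases[i][1]),
               fixed_size_ok_hardened(cases[i][0], cases[i][1]));
    return 0;
}
```

A handler that trusts the weak check would go on to read or copy n bytes from a request buffer that holds only a few words, which is why the wrapped case has to be rejected before any use of n.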

Ilja van Sprundel of IOActive reported these vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

Solution:   Ubuntu has issued a fix.

The Ubuntu advisories are available at:

http://www.ubuntu.com/usn/usn-2436-1
http://www.ubuntu.com/usn/usn-2436-2

Vendor URL:  www.x.org/wiki/Development/Security/Advisory-2014-12-09/
Cause:   Access control error, Boundary error
Underlying OS:  Linux (Ubuntu)
Underlying OS Comments:  12.04 LTS, 14.04 LTS, 14.10

Message History:   This archive entry is a follow-up to the message listed below.
Dec 10 2014 X Multiple Memory Corruption Flaws Let Remote Users Deny Service and Execute Arbitrary Code




Copyright 2019, SecurityGlobal.net LLC