CVE-2017-2624
EUVD-2017-1178527.07.2018, 18:29
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | 𝑥 ≤ 1.19.4 |
| debian | debian_linux | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| xorg-server |
| ||||||||||
| xorg-server-hwe-16.04 |
| ||||||||||
| xorg-server-lts-quantal |
| ||||||||||
| xorg-server-lts-raring |
| ||||||||||
| xorg-server-lts-saucy |
| ||||||||||
| xorg-server-lts-trusty |
| ||||||||||
| xorg-server-lts-utopic |
| ||||||||||
| xorg-server-lts-vivid |
| ||||||||||
| xorg-server-lts-wily |
| ||||||||||
| xorg-server-lts-xenial |
|
Common Weakness Enumeration
- CWE-385 - Covert Timing ChannelCovert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
References