vulnerability

Debian: CVE-2017-2624: xorg-server -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:N/A:N)

Published

Jul 27, 2018

Added

Feb 25, 2019

Modified

Mar 30, 2026

Description

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.

Solution

debian-upgrade-xorg-server

References

CVE-2017-2624
https://attackerkb.com/topics/CVE-2017-2624
CWE-200
CWE-385
DEBIAN-DLA-1186-1
EUVD-EUVD-2017-11785
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-11785

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report