Rapid7 Vulnerability & Exploit Database

RHSA-2014:1983: xorg-x11-server security update

Back to Search

RHSA-2014:1983: xorg-x11-server security update

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
12/10/2014
Created
07/25/2018
Added
12/15/2014
Modified
07/04/2017

Description

X.Org is an open source implementation of the X Window System. It providesthe basic low-level functionality that full-fledged graphical userinterfaces are designed upon.Multiple integer overflow flaws and out-of-bounds write flaws were found inthe way the X.Org server calculated memory requirements for certain X11core protocol and GLX extension requests. A malicious, authenticated clientcould use either of these flaws to crash the X.Org server or, potentially,execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093,CVE-2014-8098)It was found that the X.Org server did not properly handle SUN-DES-1(Secure RPC) authentication credentials. A malicious, unauthenticatedclient could use this flaw to crash the X.Org server by submitting aspecially crafted authentication request. (CVE-2014-8091)Multiple out-of-bounds access flaws were found in the way the X.Org servercalculated memory requirements for certain requests. A malicious,authenticated client could use either of these flaws to crash the X.Orgserver, or leak memory contents to the client. (CVE-2014-8097)An integer overflow flaw was found in the way the X.Org server calculatedmemory requirements for certain DRI2 extension requests. A malicious,authenticated client could use this flaw to crash the X.Org server.(CVE-2014-8094)Multiple out-of-bounds access flaws were found in the way the X.Org servercalculated memory requirements for certain requests. A malicious,authenticated client could use either of these flaws to crash the X.Orgserver. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)All xorg-x11-server users are advised to upgrade to these updated packages,which contain backported patches to correct these issues.

Solution(s)

  • redhat-upgrade-xorg-x11-server-common
  • redhat-upgrade-xorg-x11-server-debuginfo
  • redhat-upgrade-xorg-x11-server-devel
  • redhat-upgrade-xorg-x11-server-source
  • redhat-upgrade-xorg-x11-server-xdmx
  • redhat-upgrade-xorg-x11-server-xephyr
  • redhat-upgrade-xorg-x11-server-xnest
  • redhat-upgrade-xorg-x11-server-xorg
  • redhat-upgrade-xorg-x11-server-xvfb

References

  • redhat-upgrade-xorg-x11-server-common
  • redhat-upgrade-xorg-x11-server-debuginfo
  • redhat-upgrade-xorg-x11-server-devel
  • redhat-upgrade-xorg-x11-server-source
  • redhat-upgrade-xorg-x11-server-xdmx
  • redhat-upgrade-xorg-x11-server-xephyr
  • redhat-upgrade-xorg-x11-server-xnest
  • redhat-upgrade-xorg-x11-server-xorg
  • redhat-upgrade-xorg-x11-server-xvfb

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;