Ubuntu: USN-3362-1 (CVE-2017-10972): X.Org X server vulnerabilities

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: 2017-07-06
Added: 2017-07-24
Modified: 2025-04-25

Description

It was discovered that the X.Org X server incorrectly handled endianness
conversion of certain X events. An attacker able to connect to an X server,
either locally or remotely, could use this issue to crash the server, or
possibly execute arbitrary code as an administrator. (CVE-2017-10971)

It was discovered that the X.Org X server incorrectly handled endianness
conversion of certain X events. An attacker able to connect to an X server,
either locally or remotely, could use this issue to possibly obtain
sensitive information. (CVE-2017-10972)

Eric Sesterhenn discovered that the X.Org X server incorrectly compared
MIT cookies. An attacker could possibly use this issue to perform a timing
attack and recover the MIT cookie. (CVE-2017-2624)

Solution(s)

ubuntu-upgrade-xserver-xorg-core
ubuntu-upgrade-xserver-xorg-core-hwe-16-04
ubuntu-upgrade-xserver-xorg-core-lts-xenial