exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2014-8091

Status Candidate

Overview

X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.

Related Files

Gentoo Linux Security Advisory 201504-06
Posted Apr 19, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201504-6 - Multiple vulnerabilities have been found in X.Org X Server, allowing attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.12.4-r4 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103, CVE-2015-0255
SHA-256 | 02bfcf82733cc51a9e7242f086fd8e7f523654b1b9c474a9238aec3001352a0f
Mandriva Linux Security Advisory 2015-119
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-119 - Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service. Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. This can lead to information disclosure issues, as well as possibly a denial of service if a similar request can cause the server to crash.

tags | advisory, denial of service, protocol, info disclosure
systems | linux, redhat, mandriva
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2015-0255
SHA-256 | 9a99ccedd34c67a048ace0a5867356eb6858bcbd1dc024890093acb3993ef4e1
Slackware Security Advisory - xorg-server Updates
Posted Dec 23, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New xorg-server packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103
SHA-256 | a39862a25a5d7d308f9940d7a38d9a97d8b894971774c2778f7d822ac39ec1f9
Red Hat Security Advisory 2014-1983-01
Posted Dec 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1983-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.

tags | advisory, overflow, arbitrary, root, protocol
systems | linux, redhat
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103
SHA-256 | 4134cd6f0552f1eb1400b783f6ac2383eeb1b8055ad51f10055d4c175deae1af
Red Hat Security Advisory 2014-1982-01
Posted Dec 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1982-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.

tags | advisory, overflow, arbitrary, root, protocol
systems | linux, redhat
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102
SHA-256 | 478f070d556ff6738f2ac1014c8ee79908298350847ffa377f7e6050e494c65a
Ubuntu Security Notice USN-2438-1
Posted Dec 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2438-1 - It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8091, CVE-2014-8098, CVE-2014-8298
SHA-256 | fa484be0b21a40b843627bb8f7be06f9cef7750acfe2f8d5d2e6ee934774f33e
Debian Security Advisory 3095-1
Posted Dec 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3095-1 - Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102
SHA-256 | ed1eb05fa57ccac0c93e9a85d88f065d5987699336294e614459974fe35a3110
Ubuntu Security Notice USN-2436-1
Posted Dec 9, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2436-1 - Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103
SHA-256 | 97deccba022aa2cc95bda1a026d6949fb81fdc208c22a7019aa4f37ecc4abd4a
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close