In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

According to the version of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - In X.Org Server (aka xserver and xorg-server) before     1.19.4, a local attacker authenticated to the X server     could overflow a global buffer, causing crashes of the     X server or potentially other problems by injecting     large or malformed XKB related atoms and accessing them     via xkbcomp.(CVE-2017-13723)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xorg-x11-server fixes several issues. These security issues were fixed :

  - CVE-2017-13721: Missing validation of shmseg resource id     in Xext/XShm could lead to shared memory segments of     other users beeing freed (bnc#1052984)

  - CVE-2017-13723: A local denial of service via unusual     characters in XkbAtomText and XkbStringText was fixed     (bnc#1051150)

  -     CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12     187: Fixed unvalidated lengths in multiple extensions     (bsc#1063034)

  - CVE-2017-12183: Fixed some unvalidated lengths in the     XFIXES extension. (bsc#1063035)

  - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed     various unvalidated lengths in the     XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions     (bsc#1063037)

  - CVE-2017-12179: Fixed an integer overflow and     unvalidated length in (S)ProcXIBarrierReleasePointer in     Xi (bsc#1063038)

  - CVE-2017-12178: Fixed a wrong extra length check in     ProcXIChangeHierarchy in Xi (bsc#1063039)

  - CVE-2017-12177: Fixed an unvalidated variable-length     request in ProcDbeGetVisualInfo (bsc#1063040)

  - CVE-2017-12176: Fixed an unvalidated extra length in     ProcEstablishConnection (bsc#1063041)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

For Debian 7 'Wheezy', these problems have been fixed in version 2:1.12.4-6+deb7u8.

We recommend that you upgrade your xorg-server packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for xorg-x11-server provides several fixes. These security issues were fixed :

  - CVE-2017-13723: Prevent local DoS via unusual characters     in XkbAtomText and XkbStringText (bsc#1051150).

  - Improve the entropy when generating random data used in     X.org server authorization cookies generation by using     getentropy() and getrandom() when available     (bsc#1025084)

  -     CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12     187: Fixed unvalidated lengths in multiple extensions     (bsc#1063034)

  - CVE-2017-12183: Fixed some unvalidated lengths in the     XFIXES extension. (bsc#1063035)

  - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed     various unvalidated lengths in the     XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions     (bsc#1063037)

  - CVE-2017-12179: Fixed an integer overflow and     unvalidated length in (S)ProcXIBarrierReleasePointer in     Xi (bsc#1063038)

  - CVE-2017-12178: Fixed a wrong extra length check in     ProcXIChangeHierarchy in Xi (bsc#1063039)

  - CVE-2017-12177: Fixed an unvalidated variable-length     request in ProcDbeGetVisualInfo (bsc#1063040)

  - CVE-2017-12176: Fixed an unvalidated extra length in     ProcEstablishConnection (bsc#1063041)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201710-30 (X.Org Server: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in X.Org Server. Please       review the referenced CVE identifiers for details.
  Impact :

    A local attacker could cause a global buffer overflow or a Denial of       Service condition.
  Workaround :

    There is no known workaround at this time

Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3453-1 advisory.

    Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able     to connect to an X server, either locally or remotely, could use this issue to crash the server, or     possibly replace shared memory segments of other X clients in the same session. (CVE-2017-13721)

    Michal Srb discovered that the X.Org X server incorrectly handled XKB buffers. An attacker able to connect     to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute     arbitrary code. (CVE-2017-13723)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Alan Coopersmith reports :

X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to our attention, Julien Cristau of Debian for getting the fixes integrated, and Adam Jackson of Red Hat for publishing the release.

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

ID	Name	Product	Family	Severity
104914	EulerOS 2.0 SP2 : xorg-x11-server (EulerOS-SA-2017-1296)	Nessus	Huawei Local Security Checks	high
104913	EulerOS 2.0 SP1 : xorg-x11-server (EulerOS-SA-2017-1295)	Nessus	Huawei Local Security Checks	high
104776	SUSE SLED12 / SLES12 Security Update : xorg-x11-server (SUSE-SU-2017:3047-1)	Nessus	SuSE Local Security Checks	critical
104745	Debian DLA-1186-1 : xorg-server security update	Nessus	Debian Local Security Checks	critical
104651	SUSE SLES11 Security Update : xorg-x11-server (SUSE-SU-2017:3025-1)	Nessus	SuSE Local Security Checks	critical
104231	GLSA-201710-30 : X.Org Server: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
103882	Debian DSA-4000-1 : xorg-server - security update	Nessus	Debian Local Security Checks	critical
103834	Ubuntu 14.04 LTS / 16.04 LTS : X.Org X server vulnerabilities (USN-3453-1)	Nessus	Ubuntu Local Security Checks	high
103741	FreeBSD : xorg-server -- multiple vulnabilities (4f8ffb9c-f388-4fbd-b90f-b3131559d888)	Nessus	FreeBSD Local Security Checks	high
103705	Slackware 14.0 / 14.1 / 14.2 / current : xorg-server (SSA:2017-279-03)	Nessus	Slackware Local Security Checks	high

Detections

Analytics

CVE-2017-13723

high

Tenable Plugins

high

high

critical

critical

critical

high

critical

high

high

high