CVE-2017-2624

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.

CVSS v3.0 7.0 HIGH
CVSS v2.0 1.9 LOW

7.0^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/	Exploit Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624	Exploit Issue Tracking Third Party Advisory
https://security.gentoo.org/glsa/201710-30	Third Party Advisory
https://security.gentoo.org/glsa/201704-03	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html	Third Party Advisory
http://www.securitytracker.com/id/1037919	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96480	Third Party Advisory VDB Entry
https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Information

Published : 2018-07-27 11:29

Updated : 2019-10-09 16:26

NVD link : CVE-2017-2624

Mitre link : CVE-2017-2624

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

debian

debian_linux

x.org

xorg-server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/", "name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://security.gentoo.org/glsa/201710-30", "name": "GLSA-201710-30", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "https://security.gentoo.org/glsa/201704-03", "name": "GLSA-201704-03", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "tags": ["Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://www.securitytracker.com/id/1037919", "name": "1037919", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/96480", "name": "96480", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c", "name": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-2624", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}}, "publishedDate": "2018-07-27T18:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.19.4"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T23:26Z"}

7.0 /10