Vigil@nce - X.Org: multiple vulnerabilities
April 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of X.Org.
Impacted products: Fedora, XOrg Bundle not comprehensive, libX11.
Severity: 2/4.
Creation date: 28/02/2017.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in X.Org.
An attacker can bypass security features via MIT Cookie Brute
Force, in order to escalate his privileges. [severity:1/4;
CVE-2017-2624]
An attacker can force the usage of a freed memory area via
XdmToID(), in order to trigger a denial of service, and possibly
to run code. [severity:2/4]
An attacker can bypass security features via libXdmcp, in order to
escalate his privileges. [severity:1/4; CVE-2017-2625]
An attacker can bypass security features via libICE, in order to
escalate his privileges. [severity:1/4; CVE-2017-2626]
An unknown vulnerability was announced via GenerateRandomData().
[severity:1/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/X-Org-multiple-vulnerabilities-21979