Vulnerabilities > CVE-2015-3418 - Divide By Zero vulnerability in X.Org Xorg-Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-64.NASL description The remote host is affected by the vulnerability described in GLSA-201701-64 (X.Org X Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact : An authenticated attacker could possibly cause a Denial of Service condition or read from or send information to arbitrary X11 clients. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96786 published 2017-01-26 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96786 title GLSA-201701-64 : X.Org X Server: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DLA-120.NASL description Andreas Cord-Landwehr reported an issue where the X.Org Xserver would often crash with an arithmetic exception when maximizing application windows. This issue (CVE-2015-3418) is a regression which got introduced by fixing CVE-2014-8092. The above referenced version of xorg-server in Debian squeeze-lts fixes this regression in the following way : The length checking code validates PutImage height and byte width by making sure that byte-width >= INT32_MAX / height. If height is zero, this generates a divide by zero exception. Allow zero height requests explicitly, bypassing the INT32_MAX check (in dix/dispatch.c). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82103 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82103 title Debian DLA-120-2 : xorg-server regression update NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1025-1.NASL description This update for xorg-x11-server fixes a regression introduced with the fix for CVE-2014-8092 : CVE-2015-3418: Xserver: PutImage crashes Server when called with 0 height. (bsc#928520) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84116 published 2015-06-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84116 title SUSE SLED11 / SLES11 Security Update : xorg-x11-server (SUSE-SU-2015:1025-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1127-1.NASL description The X Server was updated to fix 1 security issues and 4 bugs : Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84396 published 2015-06-25 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84396 title SUSE SLED12 / SLES12 Security Update : xorg-x11-server (SUSE-SU-2015:1127-1)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/74328
- http://www.securityfocus.com/bid/74328
- https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
- https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
- https://lists.x.org/archives/xorg-announce/2015-February/002532.html
- https://lists.x.org/archives/xorg-announce/2015-February/002532.html
- https://security.gentoo.org/glsa/201701-64
- https://security.gentoo.org/glsa/201701-64