CVE-2017-2624
MEDIUMx.org x_server < 1.19.4 - Covert Timing Channel via MIT Cookie memcmp Comparison
Title source: llmDescription
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201704-03
Patch, Third Party Advisory x_refsource_confirm
https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037919
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201710-30
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96480
Exploit, Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624
Scores
CVSS v3
5.9
EPSS
0.0067
EPSS Percentile
47.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-385
Status
published
Products (2)
debian/debian_linux
7.0
x.org/x_server
< 1.19.4
Published
Jul 27, 2018
Tracked Since
Feb 18, 2026