CVE-2017-2624

MEDIUM

x.org x_server < 1.19.4 - Covert Timing Channel via MIT Cookie memcmp Comparison

Title source: llm
STIX 2.1

Description

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.

References (8)

Core 8
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201704-03
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037919
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201710-30
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96480
Exploit, Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624

Scores

CVSS v3 5.9
EPSS 0.0067
EPSS Percentile 47.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-385
Status published
Products (2)
debian/debian_linux 7.0
x.org/x_server < 1.19.4
Published Jul 27, 2018
Tracked Since Feb 18, 2026