CVE-2017-13721 — Improper Privilege Management in X Server

CWE-269 — Improper Privilege Management CWE-20 — Improper Input Validation10 documents8 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 75.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org X Server Debian Linux

Timeline

PublishedOct 10

Latest updateMay 13

Description

In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

▶Debianx.org/xorg-server< 2:1.19.4-1+3

▶Ubuntux.org/xorg-server< 2:1.15.1-0ubuntu2.10+1

▶NVDx.org/x_server1.19.3

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-p2j5-8c6q-m7cw: In X↗2022-05-13

▶

OSV

xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial vulnerabilities↗2017-10-12

▶

OSV

CVE-2017-13721: In X↗2017-10-10

▶

CVEList

CVE-2017-13721: In X↗2017-10-09

▶

📋Vendor Advisories

Ubuntu

X.Org X server vulnerabilities↗2017-10-12

▶

Red Hat

xorg-x11-server: Insufficient validation of shmseg resource id↗2017-10-04

▶

Debian

CVE-2017-13721: xorg-server - In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authent...↗2017

▶

💬Community

Bugzilla

CVE-2017-13721 xorg-x11-server: Insufficient validation of shmseg resource id↗2017-10-10

▶

Bugzilla

CVE-2017-13721 CVE-2017-13723 xorg-x11-server: various flaws [fedora-all]↗2017-10-10

▶