Описание
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Отчет
Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | tigervnc | Out of support scope | ||
| Red Hat Enterprise Linux 6 | xorg-x11-server | Out of support scope | ||
| Red Hat Enterprise Linux 7 | tigervnc | Fixed | RHSA-2023:0045 | 09.01.2023 |
| Red Hat Enterprise Linux 7 | xorg-x11-server | Fixed | RHSA-2023:0046 | 09.01.2023 |
| Red Hat Enterprise Linux 8 | xorg-x11-server-Xwayland | Fixed | RHSA-2023:2805 | 16.05.2023 |
| Red Hat Enterprise Linux 8 | xorg-x11-server | Fixed | RHSA-2023:2806 | 16.05.2023 |
| Red Hat Enterprise Linux 8 | tigervnc | Fixed | RHSA-2023:2830 | 16.05.2023 |
| Red Hat Enterprise Linux 9 | xorg-x11-server | Fixed | RHSA-2023:2248 | 09.05.2023 |
| Red Hat Enterprise Linux 9 | xorg-x11-server-Xwayland | Fixed | RHSA-2023:2249 | 09.05.2023 |
| Red Hat Enterprise Linux 9 | tigervnc | Fixed | RHSA-2023:2257 | 09.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because ...
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Уязвимость функции ScreenSaverSetAttributes реализации сервера X Window System X.Org Server, реализации протокола Wayland для X.Org XWayland, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3