ID CVE-2016-7948
Summary X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:libxrandr:1.5.0
    cpe:2.3:a:x.org:libxrandr:1.5.0
  • Fedora 25
    cpe:2.3:o:fedoraproject:fedora:25
  • Fedora 24
    cpe:2.3:o:fedoraproject:fedora:24
CVSS
Base: 7.5 (as of 14-12-2016 - 16:27)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-D045C2C7B3.NASL
    description Security fix for CVE-2016-7947, CVE-2016-7948 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 94489
    published 2016-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94489
    title Fedora 23 : libXrandr (2016-d045c2c7b3)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2505-1.NASL
    description This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically: libX11 : - CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) libXfixes : - CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995) libXi : - CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998) libXtst : - CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012) libXv : - CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017) libXvMC : - CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023) libXrender : - CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002) libXrandr : - CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94036
    published 2016-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94036
    title SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2505-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-83040426D6.NASL
    description Security fix for CVE-2016-7947, CVE-2016-7948 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 93923
    published 2016-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93923
    title Fedora 24 : libXrandr (2016-83040426d6)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1214.NASL
    description This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically : libX11 : - CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) libXfixes : - CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995) libXi : - CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998) libXtst : - CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012) libXv : - CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017) libXvMC : - CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023) libXrender : - CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002) libXrandr : - CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 94220
    published 2016-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94220
    title openSUSE Security Update : X Window System client libraries (openSUSE-2016-1214)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2828-1.NASL
    description This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically: libX11 : - CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) libXfixes : - CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995) libXi : - CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998) libXtst : - CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012) libXv : - CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017) libXvMC : - CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023) libXrender : - CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002) libXrandr : - CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94939
    published 2016-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94939
    title SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2828-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1420.NASL
    description This update for X Window System client libraries fixes a class of privilege escalation issues. A malicious X server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. The following libraries have been fixed : libX11 : - plugged a memory leak (boo#1002991, CVE-2016-7942). - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (boo#1002991, CVE-2016-7942). libXi : - Integer overflows in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7945). - Insufficient validation of data in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7946). libXrandr : - Insufficient validation of data from the X server can cause out of boundary memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 95644
    published 2016-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95644
    title openSUSE Security Update : X Window System client libraries (openSUSE-2016-1420)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-660.NASL
    description Insufficient validation of data from the X server in libxrandr before v1.5.0 can cause out of boundary memory writes and integer overflows. For Debian 7 'Wheezy', these problems have been fixed in version 2:1.3.2-2+deb7u2. We recommend that you upgrade your libxrandr packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 94101
    published 2016-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94101
    title Debian DLA-660-1 : libxrandr security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-A06C8CC941.NASL
    description Security fix for CVE-2016-7947, CVE-2016-7948 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 94843
    published 2016-11-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94843
    title Fedora 25 : libXrandr (2016-a06c8cc941)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3189-1.NASL
    description This update for xorg-x11-libs fixes the following issues : - insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023, CVE-2016-7953) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012, CVE-2016-7951, CVE-2016-7952) - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000, CVE-2016-7947, CVE-2016-7948) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). (bsc#1002998, CVE-2016-7945, CVE-2016-7946) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96034
    published 2016-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96034
    title SUSE SLES11 Security Update : xorg-x11-libs (SUSE-SU-2016:3189-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-305-02.NASL
    description New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2017-09-21
    plugin id 94439
    published 2016-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94439
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : x11 (SSA:2016-305-02)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201704-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201704-03 (X.Org: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org server and libraries. Please review the CVE identifiers referenced below for details. Impact : A local or remote users can utilize the vulnerabilities to attach to the X.Org session as a user and execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-04-11
    plugin id 99276
    published 2017-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99276
    title GLSA-201704-03 : X.Org: Multiple vulnerabilities
refmap via4
bid 93373
confirm https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
fedora
  • FEDORA-2016-83040426d6
  • FEDORA-2016-a06c8cc941
gentoo GLSA-201704-03
mlist
  • [oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries
  • [oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries
  • [xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries
sectrack 1036945
Last major update 14-12-2016 - 21:55
Published 13-12-2016 - 15:59
Last modified 30-06-2017 - 21:30
Back to Top