PT-2012-1145 · X.Org · Xorg-X11+1

Kees Cook

Published

2012-05-18

Updated

2017-08-29

CVE-2012-2118

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions X.Org X11 version 1.11 xorg-server versions prior to 1.11.4-r1

Description The issue is related to a format string vulnerability in the LogVHdrMessageVerb function. This vulnerability can be exploited to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For X.Org X11 version 1.11, update to a version newer than 1.11.4-r1 to resolve the issue. For xorg-server versions prior to 1.11.4-r1, update to version 1.11.4-r1 or newer to fix the vulnerability.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-09669

CVE-2012-2118

Affected Products

Xorg-X11

Xorg-Server

PT-2012-1145 · X.Org · Xorg-X11+1

CVE-2012-2118

Weakness Enumeration

Related Identifiers

Affected Products

References · 11