PT-2014-1845 · X.Org+5 · Xorg-X11-Server+5
Ilja Van Sprundel · Published 2014-12-09 · Updated 2025-08-29 · CVE-2014-8095
CVSS v2.0: 6.5 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
xorg-x11-server-Xdmx version 1.15.0
xorg-x11-server-debuginfo version 1.15.0
xorg-x11-server-Xnest version 1.15.0
xorg-x11-server-Xephyr version 1.15.0
xorg-x11-server-source version 1.15.0
xorg-x11-server-Xvfb version 1.15.0
xorg-x11-server-debuginfo version 1.1.1
xorg-x11-server-common version 1.15.0
xorg-x11-server version 1.15.0
xorg-x11-server-Xvnc-source version 1.1.1
xorg-x11-server-devel version 1.15.0
xorg-x11-server-Xorg version 1.15.0
Description
The XInput extension in X.Org X Window System allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via a crafted length or index value to certain functions, including SProcXChangeDeviceControl, ProcXChangeDeviceControl, ProcXChangeFeedbackControl, ProcXSendExtensionEvent, SProcXIAllowEvents, SProcXIChangeCursor, ProcXIChangeHierarchy, SProcXIGetClientPointer, SProcXIGrabDevice, SProcXIUngrabDevice, ProcXIUngrabDevice, SProcXIPassiveGrabDevice, ProcXIPassiveGrabDevice, SProcXIPassiveUngrabDevice, ProcXIPassiveUngrabDevice, SProcXListDeviceProperties, SProcXDeleteDeviceProperty, SProcXIListProperties, SProcXIDeleteProperty, SProcXIGetProperty, SProcXIQueryDevice, SProcXIQueryPointer, SProcXISelectEvents, SProcXISetClientPointer, SProcXISetFocus, SProcXIGetFocus, or SProcXIWarpPointer. This issue can lead to a disruption of confidentiality, integrity, and availability of protected information.
Recommendations
As a temporary workaround, consider disabling the SProcXChangeDeviceControl function until a patch is available.
Restrict access to the XInput extension to minimize the risk of exploitation.
Avoid using X.Org X Window System versions prior to 1.16.3 until the issue is resolved.
Update to a version of xorg-x11-server later than 1.15.0 to mitigate the risk.
Disable the ProcXChangeDeviceControl function as a temporary measure to prevent exploitation.
Restrict access to the ProcXChangeFeedbackControl function to prevent unauthorized use.
Avoid using the ProcXSendExtensionEvent function until a patch is available.
Disable the SProcXIAllowEvents function as a temporary workaround.
Restrict access to the SProcXIChangeCursor function to minimize the risk of exploitation.
Avoid using the ProcXIChangeHierarchy function until the issue is resolved.
Disable the SProcXIGetClientPointer function as a temporary measure to prevent exploitation.
Restrict access to the SProcXIGrabDevice function to prevent unauthorized use.
Avoid using the SProcXIUngrabDevice function until a patch is available.
Disable the ProcXIUngrabDevice function as a temporary workaround.
Restrict access to the SProcXIPassiveGrabDevice function to minimize the risk of exploitation.
Avoid using the ProcXIPassiveGrabDevice function until the issue is resolved.
Disable the SProcXIPassiveUngrabDevice function as a temporary measure to prevent exploitation.
Restrict access to the ProcXIPassiveUngrabDevice function to prevent unauthorized use.
Avoid using the SProcXListDeviceProperties function until a patch is available.
Disable the SProcXDeleteDeviceProperty function as a temporary workaround.
Restrict access to the SProcXIListProperties function to minimize the risk of exploitation.
Avoid using the SProcXIDeleteProperty function until the issue is resolved.
Disable the SProcXIGetProperty function as a temporary measure to prevent exploitation.
Restrict access to the SProcXIQueryDevice function to prevent unauthorized use.
Avoid using the SProcXIQueryPointer function until a patch is available.
Disable the SProcXISelectEvents function as a temporary workaround.
Restrict access to the SProcXISetClientPointer function to minimize the risk of exploitation.
Avoid using the SProcXISetFocus function until the issue is resolved.
Disable the SProcXIGetFocus function as a temporary measure to prevent exploitation.
Restrict access to the SProcXIWarpPointer function to prevent unauthorized use.
Fix
DoS
Buffer Overflow
NULL Pointer Dereference
Integer Overflow
Related Identifiers
Affected Products
ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
Xorg-X11-Server