Input validation error in NGINX xorg-server
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2014-8094 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
xorg-server Other software / Other software solutions Oracle Solaris Operating systems & Components / Operating system Debian Linux Operating systems & Components / Operating system |
| Vendor |
xorg.freedesktop.org Oracle Debian |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU41020
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2014-8094
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote authenticated users to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsxorg-server: 1.7.0 - 1.16.2.901
Oracle Solaris: 1.7.0 - 11.2
Debian Linux: 1.7.0 - 11.2
CPE2.3- cpe:2.3:a:xorg.freedesktop.org:xorg-server:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:xorg.freedesktop.org:xorg-server:1.7.0.901:*:*:*:*:*:*:*
- cpe:2.3:a:xorg.freedesktop.org:xorg-server:1.7.0.902:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:1.7.0.901:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:1.7.0.902:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:1.7.0.901:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:1.7.0.902:*:*:*:*:*:*:*
http://advisories.mageia.org/MGASA-2014-0532.html
http://secunia.com/advisories/61947
http://secunia.com/advisories/62292
http://www.debian.org/security/2014/dsa-3095
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/71601
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
http://security.gentoo.org/glsa/201504-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
