Bug 1895295 (CVE-2020-25697) - CVE-2020-25697 xorg-x11-server: local privilege escalation
Summary: CVE-2020-25697 xorg-x11-server: local privilege escalation
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2020-25697
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1910619 1896017 1896018
Blocks: 1895294 1939827
TreeView+ depends on / blocked
 
Reported: 2020-11-06 09:13 UTC by msiddiqu
Modified: 2021-06-22 07:52 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.
Clone Of:
Environment:
Last Closed: 2020-11-24 17:34:02 UTC


Attachments (Terms of Use)

Description msiddiqu 2020-11-06 09:13:26 UTC
While X11 servers authenticate their clients, X11 clients *do not* authenticate the server.  This can be exploited to take control of an X application by impersonating the server it is expecting to connect to.

Comment 1 msiddiqu 2020-11-09 16:11:33 UTC
Public via:

https://www.openwall.com/lists/oss-security/2020/11/09/3

Comment 2 msiddiqu 2020-11-09 16:13:59 UTC
Created libX11 tracking bugs for this issue:

Affects: fedora-all [bug 1896017]


Created xorg-x11-server tracking bugs for this issue:

Affects: fedora-all [bug 1896018]

Comment 4 Huzaifa S. Sidhpurwala 2020-11-11 05:06:43 UTC
External References:

https://www.openwall.com/lists/oss-security/2020/11/09/3

Comment 5 Product Security DevOps Team 2020-11-24 17:34:02 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25697

Comment 6 Huzaifa S. Sidhpurwala 2020-12-08 05:57:29 UTC
Statement:

As per upstream, exploiting this flaw is non-trivial and it requires exact timing on the behalf of the attacker. Many graphical applications exit if their connection to the X server is lost, so a typical desktop session is either impossible or difficult to exploit. There is currently no upstream patch available for this flaw.


Note You need to log in before you can comment on or make changes to this bug.