X.org X Server up to 1.16.3/1.17.0 XkbSetGeometry Request information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in X.org X Server up to 1.16.3/1.17.0 and classified as problematic. The affected element is an unknown function of the component XkbSetGeometry Request Handler. This manipulation causes information disclosure. This vulnerability appears as CVE-2015-0255. There is no available exploit. The affected component should be upgraded.
Details
A vulnerability was found in X.org X Server up to 1.16.3/1.17.0. It has been declared as critical. Affected by this vulnerability is an unknown part of the component XkbSetGeometry Request Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality, and availability.
The weakness was presented 02/10/2015 by Olivier as Advisory-2015-02-10 as confirmed advisory (Website). It is possible to read the advisory at x.org. This vulnerability is known as CVE-2015-0255 since 11/18/2014. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK. The advisory points out:
The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. The data length is at least up to 64k, it is possible to obtain more data by chaining strings, each string length is then determined by whatever happens to be in that 16-bit region of memory.
The vulnerability scanner Nessus provides a plugin with the ID 83690 (SUSE SLED12 / SLES12 Security Update : xorg-x11-server (SUSE-SU-2015:0398-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 123718 (Oracle Solaris 10 Multiple Vulnerabilities (Third Party Bulletin - July 2015)).
Upgrading to version 1.16.4 or 1.17.1 eliminates this vulnerability. The upgrade is hosted for download at cgit.freedesktop.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (83690), SecurityFocus (BID 72578†), SecurityTracker (ID 1031727†) and Vulnerability Center (SBV-51372†). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.x.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 83690
Nessus Name: SUSE SLED12 / SLES12 Security Update : xorg-x11-server (SUSE-SU-2015:0398-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 80091
OpenVAS Name: RedHat Update for xorg-x11-server RHSA-2015:0797-01
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: X Server 1.16.4/1.17.1
Timeline
11/18/2014 🔍02/10/2015 🔍
02/10/2015 🔍
02/11/2015 🔍
02/11/2015 🔍
02/11/2015 🔍
02/13/2015 🔍
02/13/2015 🔍
05/20/2015 🔍
07/16/2015 🔍
08/29/2025 🔍
Sources
Vendor: x.orgAdvisory: Advisory-2015-02-10
Researcher: Olivier
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2015-0255 (🔍)
GCVE (CVE): GCVE-0-2015-0255
GCVE (VulDB): GCVE-100-69163
OVAL: 🔍
SecurityFocus: 72578 - X.Org X Server 'xkb/xkb.c' Information Disclosure Vulnerability
SecurityTracker: 1031727 - X.Org X Server XkbSetGeometry Request Handling Error Lets Remote Users Obtain Potentially Sensitive Information
Vulnerability Center: 51372 - X.Org Server Remote Information Disclosure or DoS via a Crafted String in a \x27XkbSetGeometry\x27 Request, Medium
Entry
Created: 02/11/2015 16:11Updated: 08/29/2025 15:49
Changes: 02/11/2015 16:11 (74), 07/13/2017 10:42 (9), 03/10/2022 11:24 (3), 03/10/2022 11:31 (1), 08/29/2025 15:49 (15)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.