Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.0
CVE Id: CVE-2008-1377
Last Modified: 07 Mar 2011 10:07:00
Published: 16 Jun 2008 03:41:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-1377

Summary

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Vulnerable Systems

Application

  • X11 R7.3


References

UBUNTU - USN-616-1

DEBIAN - DSA-1595

REDHAT - RHSA-2008:0502

SUSE - SUSE-SA:2008:027

CONFIRM - https://issues.rpath.com/browse/RPL-2619

CONFIRM - https://issues.rpath.com/browse/RPL-2607

VUPEN - ADV-2008-3000

VUPEN - ADV-2008-1983

VUPEN - ADV-2008-1833

VUPEN - ADV-2008-1803

BUGTRAQ - 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs

BUGTRAQ - 20080620 rPSA-2008-0200-1 xorg-server

REDHAT - RHSA-2008:0503

MANDRIVA - MDVSA-2008:116

MANDRIVA - MDVSA-2008:115

GENTOO - GLSA-200807-07

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm

CONFIRM - http://support.apple.com/kb/HT3438

SUNALERT - 238686

SECTRACK - 1020247

GENTOO - GLSA-200806-07

SECUNIA - 33937

SECUNIA - 32545

SECUNIA - 32099

SECUNIA - 31109

SECUNIA - 31025

SECUNIA - 30843

SECUNIA - 30809

SECUNIA - 30772

SECUNIA - 30715

SECUNIA - 30671

SECUNIA - 30666

SECUNIA - 30664

SECUNIA - 30659

SECUNIA - 30637

SECUNIA - 30630

SECUNIA - 30629

SECUNIA - 30628

SECUNIA - 30627

REDHAT - RHSA-2008:0512

REDHAT - RHSA-2008:0504

SUSE - SUSE-SR:2008:019

MLIST - [xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions

APPLE - APPLE-SA-2009-02-12

IDEFENSE - 20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities

HP - HPSBUX02381

CONFIRM - ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff

HP - SSRT080083

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)

Novell SUSE 2008:5321 xorg-x11-Xnest security update for SLE 10 i586


Last Updated: 27 May 2016 10:47:28