CVE-2007-5760

high

Description

Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.

References

http://bugs.gentoo.org/show_bug.cgi?id=204362

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=646

http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html

http://secunia.com/advisories/28273

http://secunia.com/advisories/28532

http://secunia.com/advisories/28535

http://secunia.com/advisories/28536

http://secunia.com/advisories/28539

http://secunia.com/advisories/28540

http://secunia.com/advisories/28543

http://secunia.com/advisories/28550

http://secunia.com/advisories/28584

http://secunia.com/advisories/28592

http://secunia.com/advisories/28616

http://secunia.com/advisories/28693

http://secunia.com/advisories/28718

http://secunia.com/advisories/28843

http://secunia.com/advisories/28885

http://secunia.com/advisories/28941

http://secunia.com/advisories/29707

http://secunia.com/advisories/30161

http://security.gentoo.org/glsa/glsa-200801-09.xml

http://security.gentoo.org/glsa/glsa-200804-05.xml

http://securitytracker.com/id?1019232

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1

http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm

http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm

http://www.debian.org/security/2008/dsa-1466

http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:022

http://www.mandriva.com/security/advisories?name=MDVSA-2008:023

http://www.mandriva.com/security/advisories?name=MDVSA-2008:025

http://www.openbsd.org/errata41.html#012_xorg

http://www.openbsd.org/errata42.html#006_xorg

http://www.redhat.com/support/errata/RHSA-2008-0030.html

http://www.redhat.com/support/errata/RHSA-2008-0031.html

http://www.securityfocus.com/archive/1/487335/100/0/threaded

http://www.securityfocus.com/bid/27336

http://www.securityfocus.com/bid/27354

http://www.vupen.com/english/advisories/2008/0179

http://www.vupen.com/english/advisories/2008/0184

http://www.vupen.com/english/advisories/2008/0497/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/39766

https://issues.rpath.com/browse/RPL-2010

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11718

https://usn.ubuntu.com/571-1/

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html

Details

Source: MITRE

Published: 2008-01-18

Updated: 2018-10-15

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:* versions up to 1.4 (inclusive)

cpe:2.3:a:xfree86_project:xfree86-misc:*:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 130509 | Solaris 10 (sparc) : 125719-60 | Nessus | Solaris Local Security Checks | high |
| 107439 | Solaris 10 (sparc) : 125719-57 | Nessus | Solaris Local Security Checks | high |
| 107438 | Solaris 10 (sparc) : 125719-56 | Nessus | Solaris Local Security Checks | high |
| 107437 | Solaris 10 (sparc) : 125719-55 | Nessus | Solaris Local Security Checks | high |
| 107436 | Solaris 10 (sparc) : 125719-54 | Nessus | Solaris Local Security Checks | high |
| 107435 | Solaris 10 (sparc) : 125719-42 | Nessus | Solaris Local Security Checks | high |
| 67636 | Oracle Linux 5 : xorg-x11-server (ELSA-2008-0031) | Nessus | Oracle Linux Local Security Checks | high |
| 67635 | Oracle Linux 4 : xorg-x11 (ELSA-2008-0030) | Nessus | Oracle Linux Local Security Checks | high |
| 60348 | Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60347 | Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 43668 | CentOS 5 : xorg-x11-server (CESA-2008:0031) | Nessus | CentOS Local Security Checks | high |
| 43667 | CentOS 4 : xorg-x11 (CESA-2008:0030) | Nessus | CentOS Local Security Checks | high |
| 41183 | SuSE9 Security Update : XFree86-Xnest (YOU Patch Number 12043) | Nessus | SuSE Local Security Checks | high |
| 41182 | SuSE9 Security Update : XFree86-libs (YOU Patch Number 12040) | Nessus | SuSE Local Security Checks | high |
| 37710 | Mandriva Linux Security Advisory : x11-server-xgl (MDVSA-2008:025) | Nessus | Mandriva Local Security Checks | high |
| 37567 | Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023) | Nessus | Mandriva Local Security Checks | high |
| 30088 | FreeBSD : xorg -- multiple vulnerabilities (fe2b6597-c9a4-11dc-8da8-0008a18a9961) | Nessus | FreeBSD Local Security Checks | high |
| 30076 | Fedora 7 : xorg-x11-server-1.3.0.0-15.fc7 (2008-0831) | Nessus | Fedora Local Security Checks | high |
| 30073 | Fedora 8 : xorg-x11-server-1.3.0.0-39.fc8 (2008-0760) | Nessus | Fedora Local Security Checks | high |
| 30059 | Debian DSA-1466-1 : xorg-server - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 30042 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2) | Nessus | Ubuntu Local Security Checks | high |
| 30041 | SuSE 10 Security Update : X11 libs and server (ZYPP Patch Number 4860) | Nessus | SuSE Local Security Checks | high |
| 30040 | SuSE 10 Security Update : xorg-x11-Xnest (ZYPP Patch Number 4875) | Nessus | SuSE Local Security Checks | high |
| 30033 | GLSA-200801-09 : X.Org X server and Xfont library: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 30019 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxfont, xorg-server vulnerabilities (USN-571-1) | Nessus | Ubuntu Local Security Checks | high |
| 30017 | openSUSE 10 Security Update : xorg-x11-Xnest (xorg-x11-Xnest-4859) | Nessus | SuSE Local Security Checks | high |
| 30003 | RHEL 5 : xorg-x11-server (RHSA-2008:0031) | Nessus | Red Hat Local Security Checks | high |
| 30002 | RHEL 4 : xorg-x11 (RHSA-2008:0030) | Nessus | Red Hat Local Security Checks | high |
| 26989 | Solaris 10 (sparc) : 125719-58 (deprecated) | Nessus | Solaris Local Security Checks | high |
| 23609 | Solaris 9 (x86) : 118908-06 | Nessus | Solaris Local Security Checks | high |