CVE-2007-6429

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.

References

http://bugs.gentoo.org/show_bug.cgi?id=204362

http://docs.info.apple.com/article.html?artnum=307562

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

http://secunia.com/advisories/28273

http://secunia.com/advisories/28532

http://secunia.com/advisories/28535

http://secunia.com/advisories/28536

http://secunia.com/advisories/28539

http://secunia.com/advisories/28540

http://secunia.com/advisories/28542

http://secunia.com/advisories/28543

http://secunia.com/advisories/28550

http://secunia.com/advisories/28584

http://secunia.com/advisories/28592

http://secunia.com/advisories/28616

http://secunia.com/advisories/28693

http://secunia.com/advisories/28718

http://secunia.com/advisories/28838

http://secunia.com/advisories/28843

http://secunia.com/advisories/28885

http://secunia.com/advisories/28941

http://secunia.com/advisories/29139

http://secunia.com/advisories/29420

http://secunia.com/advisories/29622

http://secunia.com/advisories/29707

http://secunia.com/advisories/30161

http://secunia.com/advisories/32545

http://security.gentoo.org/glsa/glsa-200801-09.xml

http://security.gentoo.org/glsa/glsa-200804-05.xml

http://securitytracker.com/id?1019232

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1

http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm

http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm

http://www.debian.org/security/2008/dsa-1466

http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:021

http://www.mandriva.com/security/advisories?name=MDVSA-2008:022

http://www.mandriva.com/security/advisories?name=MDVSA-2008:023

http://www.mandriva.com/security/advisories?name=MDVSA-2008:025

http://www.openbsd.org/errata41.html#012_xorg

http://www.openbsd.org/errata42.html#006_xorg

http://www.redhat.com/support/errata/RHSA-2008-0029.html

http://www.redhat.com/support/errata/RHSA-2008-0030.html

http://www.redhat.com/support/errata/RHSA-2008-0031.html

http://www.securityfocus.com/archive/1/487335/100/0/threaded

http://www.securityfocus.com/bid/27336

http://www.securityfocus.com/bid/27350

http://www.securityfocus.com/bid/27353

http://www.vupen.com/english/advisories/2008/0179

http://www.vupen.com/english/advisories/2008/0184

http://www.vupen.com/english/advisories/2008/0497/references

http://www.vupen.com/english/advisories/2008/0703

http://www.vupen.com/english/advisories/2008/0924/references

http://www.vupen.com/english/advisories/2008/3000

http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities

https://exchange.xforce.ibmcloud.com/vulnerabilities/39763

https://exchange.xforce.ibmcloud.com/vulnerabilities/39764

https://issues.rpath.com/browse/RPL-2010

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045

https://usn.ubuntu.com/571-1/

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html

Details

Source: MITRE

Published: 2008-01-18

Updated: 2018-10-15

Type: CWE-189

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (41 total)

IDNameProductFamilySeverity
130509Solaris 10 (sparc) : 125719-60NessusSolaris Local Security Checks
high
107439Solaris 10 (sparc) : 125719-57NessusSolaris Local Security Checks
high
107438Solaris 10 (sparc) : 125719-56NessusSolaris Local Security Checks
high
107437Solaris 10 (sparc) : 125719-55NessusSolaris Local Security Checks
high
107436Solaris 10 (sparc) : 125719-54NessusSolaris Local Security Checks
high
107435Solaris 10 (sparc) : 125719-42NessusSolaris Local Security Checks
high
67636Oracle Linux 5 : xorg-x11-server (ELSA-2008-0031)NessusOracle Linux Local Security Checks
high
67635Oracle Linux 4 : xorg-x11 (ELSA-2008-0030)NessusOracle Linux Local Security Checks
high
67634Oracle Linux 3 : XFree86 (ELSA-2008-0029)NessusOracle Linux Local Security Checks
high
60349Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64NessusScientific Linux Local Security Checks
high
60348Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
60347Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
high
43668CentOS 5 : xorg-x11-server (CESA-2008:0031)NessusCentOS Local Security Checks
high
43667CentOS 4 : xorg-x11 (CESA-2008:0030)NessusCentOS Local Security Checks
high
41183SuSE9 Security Update : XFree86-Xnest (YOU Patch Number 12043)NessusSuSE Local Security Checks
high
41182SuSE9 Security Update : XFree86-libs (YOU Patch Number 12040)NessusSuSE Local Security Checks
high
37710Mandriva Linux Security Advisory : x11-server-xgl (MDVSA-2008:025)NessusMandriva Local Security Checks
high
37567Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023)NessusMandriva Local Security Checks
high
34738HP-UX PHSS_38840 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)NessusHP-UX Local Security Checks
high
34737HP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)NessusHP-UX Local Security Checks
high
34736HP-UX PHSS_34392 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)NessusHP-UX Local Security Checks
high
31780SuSE 10 Security Update : Xgl (ZYPP Patch Number 5100)NessusSuSE Local Security Checks
high
31779openSUSE 10 Security Update : xgl (xgl-5099)NessusSuSE Local Security Checks
high
31605Mac OS X Multiple Vulnerabilities (Security Update 2008-002)NessusMacOS X Local Security Checks
critical
30121openSUSE 10 Security Update : NX (NX-4952)NessusSuSE Local Security Checks
high
30088FreeBSD : xorg -- multiple vulnerabilities (fe2b6597-c9a4-11dc-8da8-0008a18a9961)NessusFreeBSD Local Security Checks
high
30076Fedora 7 : xorg-x11-server-1.3.0.0-15.fc7 (2008-0831)NessusFedora Local Security Checks
high
30073Fedora 8 : xorg-x11-server-1.3.0.0-39.fc8 (2008-0760)NessusFedora Local Security Checks
high
30059Debian DSA-1466-1 : xorg-server - several vulnerabilitiesNessusDebian Local Security Checks
high
30042Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2)NessusUbuntu Local Security Checks
high
30041SuSE 10 Security Update : X11 libs and server (ZYPP Patch Number 4860)NessusSuSE Local Security Checks
high
30040SuSE 10 Security Update : xorg-x11-Xnest (ZYPP Patch Number 4875)NessusSuSE Local Security Checks
high
30033GLSA-200801-09 : X.Org X server and Xfont library: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
30022CentOS 3 : XFree86 (CESA-2008:0029)NessusCentOS Local Security Checks
high
30019Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxfont, xorg-server vulnerabilities (USN-571-1)NessusUbuntu Local Security Checks
high
30017openSUSE 10 Security Update : xorg-x11-Xnest (xorg-x11-Xnest-4859)NessusSuSE Local Security Checks
high
30003RHEL 5 : xorg-x11-server (RHSA-2008:0031)NessusRed Hat Local Security Checks
high
30002RHEL 4 : xorg-x11 (RHSA-2008:0030)NessusRed Hat Local Security Checks
high
30001RHEL 2.1 / 3 : XFree86 (RHSA-2008:0029)NessusRed Hat Local Security Checks
high
26989Solaris 10 (sparc) : 125719-58 (deprecated)NessusSolaris Local Security Checks
high
23609Solaris 9 (x86) : 118908-06NessusSolaris Local Security Checks
high