CVE-2008-1377

HIGH

Description

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

References

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

http://rhn.redhat.com/errata/RHSA-2008-0502.html

http://rhn.redhat.com/errata/RHSA-2008-0504.html

http://rhn.redhat.com/errata/RHSA-2008-0512.html

http://secunia.com/advisories/30627

http://secunia.com/advisories/30628

http://secunia.com/advisories/30629

http://secunia.com/advisories/30630

http://secunia.com/advisories/30637

http://secunia.com/advisories/30659

http://secunia.com/advisories/30664

http://secunia.com/advisories/30666

http://secunia.com/advisories/30671

http://secunia.com/advisories/30715

http://secunia.com/advisories/30772

http://secunia.com/advisories/30809

http://secunia.com/advisories/30843

http://secunia.com/advisories/31025

http://secunia.com/advisories/31109

http://secunia.com/advisories/32099

http://secunia.com/advisories/32545

http://secunia.com/advisories/33937

http://security.gentoo.org/glsa/glsa-200806-07.xml

http://securitytracker.com/id?1020247

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

http://www.debian.org/security/2008/dsa-1595

http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:115

http://www.mandriva.com/security/advisories?name=MDVSA-2008:116

http://www.redhat.com/support/errata/RHSA-2008-0503.html

http://www.securityfocus.com/archive/1/493548/100/0/threaded

http://www.securityfocus.com/archive/1/493550/100/0/threaded

http://www.ubuntu.com/usn/usn-616-1

http://www.vupen.com/english/advisories/2008/1803

http://www.vupen.com/english/advisories/2008/1833

http://www.vupen.com/english/advisories/2008/1983/references

http://www.vupen.com/english/advisories/2008/3000

https://issues.rpath.com/browse/RPL-2607

https://issues.rpath.com/browse/RPL-2619

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109

Details

Source: MITRE

Published: 2008-06-16

Updated: 2018-10-11

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*

Tenable Plugins

View all (34 total)

IDNameProductFamilySeverity
67702Oracle Linux 5 : xorg-x11-server (ELSA-2008-0504)NessusOracle Linux Local Security Checks
critical
67701Oracle Linux 4 : xorg-x11 (ELSA-2008-0503)NessusOracle Linux Local Security Checks
high
67700Oracle Linux 3 : XFree86 (ELSA-2008-0502)NessusOracle Linux Local Security Checks
high
60423Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60422Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
high
60420Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64NessusScientific Linux Local Security Checks
high
43690CentOS 5 : xorg-x11-server (CESA-2008:0504)NessusCentOS Local Security Checks
critical
41215SuSE9 Security Update : XFree86 (YOU Patch Number 12170)NessusSuSE Local Security Checks
critical
40158openSUSE Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-36)NessusSuSE Local Security Checks
critical
40155openSUSE Security Update : xgl (xgl-155)NessusSuSE Local Security Checks
critical
38138Mandriva Linux Security Advisory : x11-server (MDVSA-2008:116)NessusMandriva Local Security Checks
critical
35684Mac OS X Multiple Vulnerabilities (Security Update 2009-001)NessusMacOS X Local Security Checks
critical
34738HP-UX PHSS_38840 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)NessusHP-UX Local Security Checks
high
34737HP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)NessusHP-UX Local Security Checks
high
34736HP-UX PHSS_34392 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)NessusHP-UX Local Security Checks
high
34303SuSE 10 Security Update : Xgl (ZYPP Patch Number 5528)NessusSuSE Local Security Checks
critical
34302openSUSE 10 Security Update : xgl (xgl-5526)NessusSuSE Local Security Checks
critical
33398Slackware 12.1 / current : xorg-server (SSA:2008-183-01)NessusSlackware Local Security Checks
critical
33364CentOS 4 : xorg-x11 (CESA-2008:0503)NessusCentOS Local Security Checks
high
33243GLSA-200806-07 : X.Org X server: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
33199Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xorg-server vulnerabilities (USN-616-1)NessusUbuntu Local Security Checks
critical
33187FreeBSD : xorg -- multiple vulnerabilities (800e8bd5-3acb-11dd-8842-001302a18722)NessusFreeBSD Local Security Checks
critical
33181Fedora 7 : xorg-x11-server-1.3.0.0-17.fc7 (2008-5285)NessusFedora Local Security Checks
critical
33180Fedora 8 : xorg-x11-server-1.3.0.0-46.fc8 (2008-5279)NessusFedora Local Security Checks
critical
33179Fedora 9 : xorg-x11-server-1.4.99.902-3.20080612.fc9 (2008-5254)NessusFedora Local Security Checks
critical
33176Debian DSA-1595-1 : xorg-server - several vulnerabilitiesNessusDebian Local Security Checks
critical
33170CentOS 3 : XFree86 (CESA-2008:0502)NessusCentOS Local Security Checks
high
33166openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)NessusSuSE Local Security Checks
critical
33165openSUSE 10 Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-5317)NessusSuSE Local Security Checks
critical
33164SuSE 10 Security Update : X.org (ZYPP Patch Number 5321)NessusSuSE Local Security Checks
critical
33154RHEL 2.1 : XFree86 (RHSA-2008:0512)NessusRed Hat Local Security Checks
high
33153RHEL 5 : xorg-x11-server (RHSA-2008:0504)NessusRed Hat Local Security Checks
critical
33152RHEL 4 : xorg-x11 (RHSA-2008:0503)NessusRed Hat Local Security Checks
high
33151RHEL 3 : XFree86 (RHSA-2008:0502)NessusRed Hat Local Security Checks
high