CVE-2008-1377

HIGH

Description

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

References

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

http://rhn.redhat.com/errata/RHSA-2008-0502.html

http://rhn.redhat.com/errata/RHSA-2008-0504.html

http://rhn.redhat.com/errata/RHSA-2008-0512.html

http://secunia.com/advisories/30627

http://secunia.com/advisories/30628

http://secunia.com/advisories/30629

http://secunia.com/advisories/30630

http://secunia.com/advisories/30637

http://secunia.com/advisories/30659

http://secunia.com/advisories/30664

http://secunia.com/advisories/30666

http://secunia.com/advisories/30671

http://secunia.com/advisories/30715

http://secunia.com/advisories/30772

http://secunia.com/advisories/30809

http://secunia.com/advisories/30843

http://secunia.com/advisories/31025

http://secunia.com/advisories/31109

http://secunia.com/advisories/32099

http://secunia.com/advisories/32545

http://secunia.com/advisories/33937

http://security.gentoo.org/glsa/glsa-200806-07.xml

http://securitytracker.com/id?1020247

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

http://www.debian.org/security/2008/dsa-1595

http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:115

http://www.mandriva.com/security/advisories?name=MDVSA-2008:116

http://www.redhat.com/support/errata/RHSA-2008-0503.html

http://www.securityfocus.com/archive/1/493548/100/0/threaded

http://www.securityfocus.com/archive/1/493550/100/0/threaded

http://www.ubuntu.com/usn/usn-616-1

http://www.vupen.com/english/advisories/2008/1803

http://www.vupen.com/english/advisories/2008/1833

http://www.vupen.com/english/advisories/2008/1983/references

http://www.vupen.com/english/advisories/2008/3000

https://issues.rpath.com/browse/RPL-2607

https://issues.rpath.com/browse/RPL-2619

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109

Details

Source: MITRE

Published: 2008-06-16

Updated: 2018-10-11

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH