CVE-2008-1377 - The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extensio

CVE-2008-1377

Summary

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

References

Vulnerable Configurations

cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*
cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*

CVSS

Base:	9.0 (as of 11-10-2018 - 20:32)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:C/A:C

oval via4

accepted

2013-04-29T04:01:44.981-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10109

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2008:0502
rhsa
id RHSA-2008:0503
rhsa
id RHSA-2008:0504
rhsa
id RHSA-2008:0512

rpms

XFree86-0:4.3.0-128.EL
XFree86-100dpi-fonts-0:4.3.0-128.EL
XFree86-75dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-128.EL
XFree86-Mesa-libGL-0:4.3.0-128.EL
XFree86-Mesa-libGLU-0:4.3.0-128.EL
XFree86-Xnest-0:4.3.0-128.EL
XFree86-Xvfb-0:4.3.0-128.EL
XFree86-base-fonts-0:4.3.0-128.EL
XFree86-cyrillic-fonts-0:4.3.0-128.EL
XFree86-devel-0:4.3.0-128.EL
XFree86-doc-0:4.3.0-128.EL
XFree86-font-utils-0:4.3.0-128.EL
XFree86-libs-0:4.3.0-128.EL
XFree86-libs-data-0:4.3.0-128.EL
XFree86-sdk-0:4.3.0-128.EL
XFree86-syriac-fonts-0:4.3.0-128.EL
XFree86-tools-0:4.3.0-128.EL
XFree86-truetype-fonts-0:4.3.0-128.EL
XFree86-twm-0:4.3.0-128.EL
XFree86-xauth-0:4.3.0-128.EL
XFree86-xdm-0:4.3.0-128.EL
XFree86-xfs-0:4.3.0-128.EL
xorg-x11-0:6.8.2-1.EL.33.0.4
xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.4
xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.4
xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.4
xorg-x11-Xnest-0:6.8.2-1.EL.33.0.4
xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.4
xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.4
xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.4
xorg-x11-devel-0:6.8.2-1.EL.33.0.4
xorg-x11-doc-0:6.8.2-1.EL.33.0.4
xorg-x11-font-utils-0:6.8.2-1.EL.33.0.4
xorg-x11-libs-0:6.8.2-1.EL.33.0.4
xorg-x11-sdk-0:6.8.2-1.EL.33.0.4
xorg-x11-tools-0:6.8.2-1.EL.33.0.4
xorg-x11-twm-0:6.8.2-1.EL.33.0.4
xorg-x11-xauth-0:6.8.2-1.EL.33.0.4
xorg-x11-xdm-0:6.8.2-1.EL.33.0.4
xorg-x11-xfs-0:6.8.2-1.EL.33.0.4
xorg-x11-server-Xdmx-0:1.1.1-48.41.el5_2.1
xorg-x11-server-Xephyr-0:1.1.1-48.41.el5_2.1
xorg-x11-server-Xnest-0:1.1.1-48.41.el5_2.1
xorg-x11-server-Xorg-0:1.1.1-48.41.el5_2.1
xorg-x11-server-Xvfb-0:1.1.1-48.41.el5_2.1
xorg-x11-server-debuginfo-0:1.1.1-48.41.el5_2.1
xorg-x11-server-sdk-0:1.1.1-48.41.el5_2.1
XFree86-0:4.1.0-88.EL
XFree86-100dpi-fonts-0:4.1.0-88.EL
XFree86-75dpi-fonts-0:4.1.0-88.EL
XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-88.EL
XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-88.EL
XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-88.EL
XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-88.EL
XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-88.EL
XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-88.EL
XFree86-Xnest-0:4.1.0-88.EL
XFree86-Xvfb-0:4.1.0-88.EL
XFree86-cyrillic-fonts-0:4.1.0-88.EL
XFree86-devel-0:4.1.0-88.EL
XFree86-doc-0:4.1.0-88.EL
XFree86-libs-0:4.1.0-88.EL
XFree86-tools-0:4.1.0-88.EL
XFree86-twm-0:4.1.0-88.EL
XFree86-xdm-0:4.1.0-88.EL
XFree86-xf86cfg-0:4.1.0-88.EL
XFree86-xfs-0:4.1.0-88.EL

refmap via4

apple	APPLE-SA-2009-02-12
bugtraq	20080620 rPSA-2008-0200-1 xorg-server 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
confirm	ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff http://support.apple.com/kb/HT3438 http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 https://issues.rpath.com/browse/RPL-2607 https://issues.rpath.com/browse/RPL-2619
debian	DSA-1595
gentoo	GLSA-200806-07 GLSA-200807-07
hp	HPSBUX02381 SSRT080083
idefense	20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities
mandriva	MDVSA-2008:115 MDVSA-2008:116
mlist	[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
sectrack	1020247
secunia	30627 30628 30629 30630 30637 30659 30664 30666 30671 30715 30772 30809 30843 31025 31109 32099 32545 33937
sunalert	238686
suse	SUSE-SA:2008:027 SUSE-SR:2008:019
ubuntu	USN-616-1
vupen	ADV-2008-1803 ADV-2008-1833 ADV-2008-1983 ADV-2008-3000

Last major update

11-10-2018 - 20:32

Published

16-06-2008 - 19:41

Last modified

11-10-2018 - 20:32