ID CVE-2007-6428
Summary The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:tog-cup:*:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-10-2018 - 21:53)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2013-04-29T04:15:38.122-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
family unix
id oval:org.mitre.oval:def:11754
status accepted
submitted 2010-07-09T03:56:16-04:00
title The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2008:0029
  • rhsa
    id RHSA-2008:0030
  • rhsa
    id RHSA-2008:0031
rpms
  • XFree86-0:4.3.0-126.EL
  • XFree86-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-Mesa-libGL-0:4.3.0-126.EL
  • XFree86-Mesa-libGLU-0:4.3.0-126.EL
  • XFree86-Xnest-0:4.3.0-126.EL
  • XFree86-Xvfb-0:4.3.0-126.EL
  • XFree86-base-fonts-0:4.3.0-126.EL
  • XFree86-cyrillic-fonts-0:4.3.0-126.EL
  • XFree86-devel-0:4.3.0-126.EL
  • XFree86-doc-0:4.3.0-126.EL
  • XFree86-font-utils-0:4.3.0-126.EL
  • XFree86-libs-0:4.3.0-126.EL
  • XFree86-libs-data-0:4.3.0-126.EL
  • XFree86-sdk-0:4.3.0-126.EL
  • XFree86-syriac-fonts-0:4.3.0-126.EL
  • XFree86-tools-0:4.3.0-126.EL
  • XFree86-truetype-fonts-0:4.3.0-126.EL
  • XFree86-twm-0:4.3.0-126.EL
  • XFree86-xauth-0:4.3.0-126.EL
  • XFree86-xdm-0:4.3.0-126.EL
  • XFree86-xfs-0:4.3.0-126.EL
  • xorg-x11-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xnest-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-doc-0:6.8.2-1.EL.33.0.2
  • xorg-x11-font-utils-0:6.8.2-1.EL.33.0.2
  • xorg-x11-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-sdk-0:6.8.2-1.EL.33.0.2
  • xorg-x11-tools-0:6.8.2-1.EL.33.0.2
  • xorg-x11-twm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xauth-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xdm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xfs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-server-Xdmx-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-Xephyr-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-Xnest-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-Xorg-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-Xvfb-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-sdk-0:1.1.1-48.26.el5_1.5
refmap via4
apple APPLE-SA-2008-03-18
bid
  • 27336
  • 27355
bugtraq 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
confirm
debian DSA-1466
fedora
  • FEDORA-2008-0760
  • FEDORA-2008-0831
gentoo
  • GLSA-200801-09
  • GLSA-200804-05
  • GLSA-200805-07
idefense 20080117 Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability
mandriva
  • MDVSA-2008:021
  • MDVSA-2008:022
  • MDVSA-2008:023
  • MDVSA-2008:025
mlist [xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server
openbsd
  • [4.1] 20080208 012: SECURITY FIX: February 8, 2008
  • [4.2] 20080208 006: SECURITY FIX: February 8, 2008
sectrack 1019232
secunia
  • 28273
  • 28532
  • 28535
  • 28536
  • 28539
  • 28540
  • 28542
  • 28543
  • 28550
  • 28584
  • 28592
  • 28616
  • 28693
  • 28718
  • 28838
  • 28843
  • 28885
  • 28941
  • 29139
  • 29420
  • 29622
  • 29707
  • 30161
sunalert
  • 103200
  • 200153
suse
  • SUSE-SA:2008:003
  • SUSE-SR:2008:003
  • SUSE-SR:2008:008
ubuntu USN-571-1
vupen
  • ADV-2008-0179
  • ADV-2008-0184
  • ADV-2008-0497
  • ADV-2008-0703
  • ADV-2008-0924
xf xorg-togcup-information-disclosure(39761)
Last major update 15-10-2018 - 21:53
Published 18-01-2008 - 23:00