ID CVE-2008-2362
Summary Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-10-2018 - 20:40)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:12:38.817-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
family unix
id oval:org.mitre.oval:def:11246
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
version 19
redhat via4
advisories
bugzilla
id 448785
title CVE-2008-2362 X.org Render extension input validation flaw causing memory corruption
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.1.1-48.41.el5_2.1
          oval oval:com.redhat.rhsa:tst:20080504001
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127002
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.1.1-48.41.el5_2.1
          oval oval:com.redhat.rhsa:tst:20080504003
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127004
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.1.1-48.41.el5_2.1
          oval oval:com.redhat.rhsa:tst:20080504005
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127006
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.1.1-48.41.el5_2.1
          oval oval:com.redhat.rhsa:tst:20080504007
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127008
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.1.1-48.41.el5_2.1
          oval oval:com.redhat.rhsa:tst:20080504009
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127010
      • AND
        • comment xorg-x11-server-sdk is earlier than 0:1.1.1-48.41.el5_2.1
          oval oval:com.redhat.rhsa:tst:20080504011
        • comment xorg-x11-server-sdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127012
rhsa
id RHSA-2008:0504
released 2008-06-11
severity Important
title RHSA-2008:0504: xorg-x11-server security update (Important)
rpms
  • xorg-x11-server-Xdmx-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xephyr-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xnest-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xorg-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xvfb-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-debuginfo-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-sdk-0:1.1.1-48.41.el5_2.1
refmap via4
apple APPLE-SA-2009-02-12
bid 29670
bugtraq
  • 20080620 rPSA-2008-0200-1 xorg-server
  • 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
confirm
debian DSA-1595
gentoo
  • GLSA-200806-07
  • GLSA-200807-07
idefense 20080611 Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability
mandriva
  • MDVSA-2008:116
  • MDVSA-2008:179
mlist [xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
sectrack 1020245
secunia
  • 30627
  • 30630
  • 30637
  • 30659
  • 30664
  • 30666
  • 30671
  • 30715
  • 30772
  • 30809
  • 30843
  • 31025
  • 31109
  • 32099
  • 33937
sunalert 238686
suse
  • SUSE-SA:2008:027
  • SUSE-SR:2008:019
ubuntu USN-616-1
vupen
  • ADV-2008-1803
  • ADV-2008-1833
  • ADV-2008-1983
Last major update 11-10-2018 - 20:40
Published 16-06-2008 - 19:41
Last modified 11-10-2018 - 20:40