CVE-2008-1377

2008-06-16 21:41:00 2018-10-11 22:32:29

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

X X11 R7.3 (not an official CPE)

X - X11

Advisory	Patch	Confirmed	Link
			https://issues.rpath.com/browse/RPL-2619
			https://issues.rpath.com/browse/RPL-2607
			ADV-2008-3000
			ADV-2008-1983
			ADV-2008-1833
			USN-616-1
			ADV-2008-1803
			20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x...
			RHSA-2008:0503
			20080620 rPSA-2008-0200-1 xorg-server
			MDVSA-2008:116
			MDVSA-2008:115
			GLSA-200807-07
			DSA-1595
			http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
			http://support.avaya.com/elmodocs2/security/ASA-2008-249...
			238686
			http://support.apple.com/kb/HT3438
			GLSA-200806-07
			1020247
			RHSA-2008:0504
			RHSA-2008:0512
			RHSA-2008:0502
			SUSE-SR:2008:019
			SUSE-SA:2008:027
			[xorg] 20080611 X.Org security advisory june 2008 - Mult...
			20080611 Multiple Vendor X Server Record and Security Ex...
			APPLE-SA-2009-02-12
			HPSBUX02381
			ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-...

CVE-2008-1377

2008-06-16 21:41:00 2018-10-11 22:32:29

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)