CVE - CVE-2008-1377

CVE-ID
CVE-2008-1377	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-02-12 URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BUGTRAQ:20080620 rPSA-2008-0200-1 xorg-server URL:http://www.securityfocus.com/archive/1/493548/100/0/threaded BUGTRAQ:20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs URL:http://www.securityfocus.com/archive/1/493550/100/0/threaded CONFIRM:ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff CONFIRM:http://support.apple.com/kb/HT3438 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 CONFIRM:https://issues.rpath.com/browse/RPL-2607 CONFIRM:https://issues.rpath.com/browse/RPL-2619 DEBIAN:DSA-1595 URL:http://www.debian.org/security/2008/dsa-1595 GENTOO:GLSA-200806-07 URL:http://security.gentoo.org/glsa/glsa-200806-07.xml GENTOO:GLSA-200807-07 URL:http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml HP:HPSBUX02381 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 HP:SSRT080083 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 IDEFENSE:20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721 MANDRIVA:MDVSA-2008:115 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:115~~ (Obsolete source) MANDRIVA:MDVSA-2008:116 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:116~~ (Obsolete source) MLIST:[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions URL:http://lists.freedesktop.org/archives/xorg/2008-June/036026.html OVAL:oval:org.mitre.oval:def:10109 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109 REDHAT:RHSA-2008:0502 URL:http://rhn.redhat.com/errata/RHSA-2008-0502.html REDHAT:RHSA-2008:0503 URL:http://www.redhat.com/support/errata/RHSA-2008-0503.html REDHAT:RHSA-2008:0504 URL:http://rhn.redhat.com/errata/RHSA-2008-0504.html REDHAT:RHSA-2008:0512 URL:http://rhn.redhat.com/errata/RHSA-2008-0512.html SECTRACK:1020247 URL:http://securitytracker.com/id?1020247 SECUNIA:30627 URL:http://secunia.com/advisories/30627 SECUNIA:30628 URL:http://secunia.com/advisories/30628 SECUNIA:30629 URL:http://secunia.com/advisories/30629 SECUNIA:30630 URL:http://secunia.com/advisories/30630 SECUNIA:30637 URL:http://secunia.com/advisories/30637 SECUNIA:30659 URL:http://secunia.com/advisories/30659 SECUNIA:30664 URL:http://secunia.com/advisories/30664 SECUNIA:30666 URL:http://secunia.com/advisories/30666 SECUNIA:30671 URL:http://secunia.com/advisories/30671 SECUNIA:30715 URL:http://secunia.com/advisories/30715 SECUNIA:30772 URL:http://secunia.com/advisories/30772 SECUNIA:30809 URL:http://secunia.com/advisories/30809 SECUNIA:30843 URL:http://secunia.com/advisories/30843 SECUNIA:31025 URL:http://secunia.com/advisories/31025 SECUNIA:31109 URL:http://secunia.com/advisories/31109 SECUNIA:32099 URL:http://secunia.com/advisories/32099 SECUNIA:32545 URL:http://secunia.com/advisories/32545 SECUNIA:33937 URL:http://secunia.com/advisories/33937 SUNALERT:238686 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1~~ (Obsolete source) SUSE:SUSE-SA:2008:027 URL:http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html SUSE:SUSE-SR:2008:019 URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html UBUNTU:USN-616-1 URL:http://www.ubuntu.com/usn/usn-616-1 VUPEN:ADV-2008-1803 URL:~~http://www.vupen.com/english/advisories/2008/1803~~ (Obsolete source) VUPEN:ADV-2008-1833 URL:~~http://www.vupen.com/english/advisories/2008/1833~~ (Obsolete source) VUPEN:ADV-2008-1983 URL:~~http://www.vupen.com/english/advisories/2008/1983/references~~ (Obsolete source) VUPEN:ADV-2008-3000 URL:~~http://www.vupen.com/english/advisories/2008/3000~~ (Obsolete source)
Assigning CNA
Red Hat, Inc.
Date Record Created
20080318	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080318)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)