CVE - CVE-2008-1377

CVE-ID
CVE-2008-1377	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
IDEFENSE:20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721 BUGTRAQ:20080620 rPSA-2008-0200-1 xorg-server URL:http://www.securityfocus.com/archive/1/493548/100/0/threaded BUGTRAQ:20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs URL:http://www.securityfocus.com/archive/1/493550/100/0/threaded MLIST:[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions URL:http://lists.freedesktop.org/archives/xorg/2008-June/036026.html CONFIRM:ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 CONFIRM:https://issues.rpath.com/browse/RPL-2607 CONFIRM:https://issues.rpath.com/browse/RPL-2619 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm CONFIRM:http://support.apple.com/kb/HT3438 APPLE:APPLE-SA-2009-02-12 URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html DEBIAN:DSA-1595 URL:http://www.debian.org/security/2008/dsa-1595 GENTOO:GLSA-200806-07 URL:http://security.gentoo.org/glsa/glsa-200806-07.xml GENTOO:GLSA-200807-07 URL:http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml HP:HPSBUX02381 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 HP:SSRT080083 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 MANDRIVA:MDVSA-2008:116 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:116 MANDRIVA:MDVSA-2008:115 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:115 REDHAT:RHSA-2008:0502 URL:http://rhn.redhat.com/errata/RHSA-2008-0502.html REDHAT:RHSA-2008:0504 URL:http://rhn.redhat.com/errata/RHSA-2008-0504.html REDHAT:RHSA-2008:0512 URL:http://rhn.redhat.com/errata/RHSA-2008-0512.html REDHAT:RHSA-2008:0503 URL:http://www.redhat.com/support/errata/RHSA-2008-0503.html SUNALERT:238686 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1 SUSE:SUSE-SA:2008:027 URL:http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html SUSE:SUSE-SR:2008:019 URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html UBUNTU:USN-616-1 URL:http://www.ubuntu.com/usn/usn-616-1 OVAL:oval:org.mitre.oval:def:10109 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109 SECUNIA:32545 URL:http://secunia.com/advisories/32545 VUPEN:ADV-2008-1803 URL:http://www.vupen.com/english/advisories/2008/1803 VUPEN:ADV-2008-1833 URL:http://www.vupen.com/english/advisories/2008/1833 VUPEN:ADV-2008-1983 URL:http://www.vupen.com/english/advisories/2008/1983/references SECTRACK:1020247 URL:http://securitytracker.com/id?1020247 SECUNIA:30627 URL:http://secunia.com/advisories/30627 SECUNIA:30628 URL:http://secunia.com/advisories/30628 SECUNIA:30629 URL:http://secunia.com/advisories/30629 SECUNIA:30630 URL:http://secunia.com/advisories/30630 SECUNIA:30637 URL:http://secunia.com/advisories/30637 SECUNIA:30659 URL:http://secunia.com/advisories/30659 SECUNIA:30664 URL:http://secunia.com/advisories/30664 SECUNIA:30666 URL:http://secunia.com/advisories/30666 SECUNIA:30671 URL:http://secunia.com/advisories/30671 SECUNIA:30715 URL:http://secunia.com/advisories/30715 SECUNIA:30772 URL:http://secunia.com/advisories/30772 SECUNIA:30809 URL:http://secunia.com/advisories/30809 SECUNIA:30843 URL:http://secunia.com/advisories/30843 SECUNIA:31109 URL:http://secunia.com/advisories/31109 SECUNIA:32099 URL:http://secunia.com/advisories/32099 SECUNIA:31025 URL:http://secunia.com/advisories/31025 SECUNIA:33937 URL:http://secunia.com/advisories/33937 VUPEN:ADV-2008-3000 URL:http://www.vupen.com/english/advisories/2008/3000
Assigning CNA
N/A
Date Entry Created
20080318	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080318)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org